GitList

Browse code

oci/defaults_linux.go: mask /sys/firmware

On typical x86_64 machines, /sys/firmware can contain SMBIOS and ACPI tables.
There is no need to expose the directory to containers.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

Akihiro Suda authored on 2016/10/12 15:07:13
Showing 1 changed files

oci/defaults_linux.go index 227caca..8b3ce72 100644

oci/defaults_linux.go

History View file @ 8b1772c

@@ -83,6 +83,7 @@ func DefaultSpec() specs.Spec {
                      			"/proc/timer_list",
                      			"/proc/timer_stats",
                      			"/proc/sched_debug",
                     +			"/sys/firmware",
                      		},
                      		ReadonlyPaths: []string{
                      			"/proc/asound",