GitList

Browse code

Add /proc/scsi to masked paths

This is writeable, and can be used to remove devices. Containers do
not need to know about scsi devices.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Justin Cormack authored on 2017/11/04 00:12:22
Showing 1 changed files

oci/defaults.go index 0cc07ff..4188071 100644

oci/defaults.go

History View file @ a21ecdf

@@ -119,6 +119,7 @@ func DefaultLinuxSpec() specs.Spec {
                      			"/proc/timer_list",
                      			"/proc/timer_stats",
                      			"/proc/sched_debug",
                     +			"/proc/scsi",
                      		},
                      		ReadonlyPaths: []string{
                      			"/proc/asound",