GitList

Browse code

This leaks information about keyrings on the host. Keyrings are
not namespaced.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Justin Cormack authored on 2018/02/22 01:23:34
Showing 1 changed files

@@ -115,6 +115,7 @@ func DefaultLinuxSpec() specs.Spec {
                      	s.Linux = &specs.Linux{
                      		MaskedPaths: []string{
                      			"/proc/kcore",
                     +			"/proc/keys",
                      			"/proc/latency_stats",
                      			"/proc/timer_list",
                      			"/proc/timer_stats",