Add /proc/keys to masked paths

This leaks information about keyrings on the host. Keyrings are not namespaced. Signed-off-by: Justin Cormack <justin.cormack@docker.com> Upstream-commit: de23cb939858a66829d5b75057c7ac664c5acda5 Component: engine
2026-01-13 18:22:35 +03:00 · 2018-02-21 16:23:34 +00:00
parent a196815f55
commit 87cd2bf7ea
1 changed files with 1 additions and 0 deletions
--- a/components/engine/oci/defaults.go
+++ b/components/engine/oci/defaults.go
@@ -115,6 +115,7 @@ func DefaultLinuxSpec() specs.Spec {
 	s.Linux = &specs.Linux{
 		MaskedPaths: []string{
 			"/proc/kcore",
+			"/proc/keys",
 			"/proc/latency_stats",
 			"/proc/timer_list",
 			"/proc/timer_stats",