From 532bb2288ef2bbb940976f9e1bbdf5dabd021703 Mon Sep 17 00:00:00 2001
From: Ming-Wei Shih
Date: Thu, 25 Aug 2022 15:40:03 +0000
Subject: [PATCH] Move /proc/asound from defaultReadonlyPaths to defaultMaskedPaths (align with moby)

Signed-off-by: Ming-Wei Shih
---
 pkg/securitycontext/util.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index 82a2fc5e0a9..3332d92cfdb 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -212,9 +212,10 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
 
 var (
 // These *must* be kept in sync with moby/moby.
- // https://github.com/moby/moby/blob/master/oci/defaults.go#L116-L134
+ // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123
 // @jessfraz will watch changes to those files upstream.
 defaultMaskedPaths = []string{
+ "/proc/asound",
 "/proc/acpi",
 "/proc/kcore",
 "/proc/keys",
@@ -226,7 +227,6 @@ var (
 "/sys/firmware",
 }
 defaultReadonlyPaths = []string{
- "/proc/asound",
 "/proc/bus",
 "/proc/fs",
 "/proc/irq",
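Review bot: Nothing in this patch pins the new placement of `"/proc/asound"` in defaultMaskedPaths: the diffstat lists only util.go, so a later re-sync with moby could move the entry back to defaultReadonlyPaths without any test failing. The difference matters for isolation because a read-only path can still be read from inside the container, while a masked path is hidden, and /proc/asound reflects host sound-device state. A small unit test asserting the entry is present in defaultMaskedPaths and absent from defaultReadonlyPaths would cover it, and workloads that currently read /proc/asound will presumably need a release note. The sync comment would also be steadier as a permalink, e.g. `// https://github.com/moby/moby/blob/<commit-sha>/oci/defaults.go#L105-L123` with the real moby commit in place of the placeholder, since this change already had to chase the `master` line anchors from `#L116-L134`. The var block continues past the last line of the hunk.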