github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #112037 from mingweishih/update_default_proc_mount

Browse Source 
Move /proc/asound from defaultReadonlyPaths to defaultMaskedPaths
This commit is contained in:
Kubernetes Prow Robot 2023-02-14 23:28:24 -08:00 committed by GitHub
commit 964529b227
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/securitycontext/util.go
View File

@ -188,9 +188,10 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
var (
// These *must* be kept in sync with moby/moby.
// https://github.com/moby/moby/blob/master/oci/defaults.go#L116-L134
// https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123
// @jessfraz will watch changes to those files upstream.
defaultMaskedPaths = []string{
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
@ -202,7 +203,6 @@ var (
"/sys/firmware",
}
defaultReadonlyPaths = []string{
"/proc/asound",
"/proc/bus",
"/proc/fs",
"/proc/irq",