From f0c2afa19f7b2764a8afa85e50a571e524b2d09c Mon Sep 17 00:00:00 2001
From: carlory
Date: Tue, 9 Jul 2024 13:22:29 +0800
Subject: [PATCH] defaultMaskedPaths must be kept in sync with moby/moby.
---
 pkg/securitycontext/util.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index 5895df0c718..28771b6df27 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -188,7 +188,7 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
 
 var (
 // These *must* be kept in sync with moby/moby.
- // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123
+ // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124
 // @jessfraz will watch changes to those files upstream.
 defaultMaskedPaths = []string{
 "/proc/asound",
@@ -201,6 +201,7 @@ var (
 "/proc/sched_debug",
 "/proc/scsi",
 "/sys/firmware",
+ "/sys/devices/virtual/powercap",
 }
 defaultReadonlyPaths = []string{
 "/proc/bus",
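Review bot: The updated reference in the first hunk still points at `blob/master` with a line range, so it will go stale again as soon as upstream edits that file; this commit itself is a bump from L105-L123 to L105-L124. For a list that "*must* be kept in sync", pin the link to the revision actually compared against, e.g. `// https://github.com/moby/moby/blob/<commit-sha>/oci/defaults.go#L105-L124` (placeholder SHA), or refer to the upstream field by name instead of by line numbers. The `var (` block continues past the end of the hunk.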
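Review bot: The added `"/sys/devices/virtual/powercap"` entry in the second hunk has no comment saying why it is masked, and the patch touches only util.go, so nothing visible here checks the list's contents. A why-comment above the entry would let later reviewers judge removals, for example `// powercap exposes host-wide energy counters (e.g. RAPL) that are not namespaced; hide them from containers`. If no existing test pins the expected contents of `defaultMaskedPaths`, one that does would turn an accidental drop of a hardening entry into a test failure rather than a silent regression. The slice literal opens before this hunk and the `var (` block continues after it.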