github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #125970 from carlory/sync-masked-path-from-moby

Browse Source 
defaultMaskedPaths must be kept in sync with moby/moby
This commit is contained in:
Kubernetes Prow Robot 2024-07-09 07:10:14 -07:00 committed by GitHub
commit bb089b9374
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/securitycontext/util.go
View File

@ -188,7 +188,7 @@ func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
var ( var (
// These *must* be kept in sync with moby/moby. // These *must* be kept in sync with moby/moby.
// https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L123 // https://github.com/moby/moby/blob/master/oci/defaults.go#L105-L124
// @jessfraz will watch changes to those files upstream. // @jessfraz will watch changes to those files upstream.
defaultMaskedPaths = []string{ defaultMaskedPaths = []string{
"/proc/asound", "/proc/asound",
@ -201,6 +201,7 @@ var (
"/proc/sched_debug", "/proc/sched_debug",
"/proc/scsi", "/proc/scsi",
"/sys/firmware", "/sys/firmware",
"/sys/devices/virtual/powercap",
} }
defaultReadonlyPaths = []string{ defaultReadonlyPaths = []string{
"/proc/bus", "/proc/bus",