зеркало из https://github.com/microsoft/docker.git
oci/defaults_linux.go: mask /sys/firmware
On typical x86_64 machines, /sys/firmware can contain SMBIOS and ACPI tables. There is no need to expose the directory to containers. Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This commit is contained in:
Родитель
9bd8c1d332
Коммит
8b1772c86b
|
@ -83,6 +83,7 @@ func DefaultSpec() specs.Spec {
|
|||
"/proc/timer_list",
|
||||
"/proc/timer_stats",
|
||||
"/proc/sched_debug",
|
||||
"/sys/firmware",
|
||||
},
|
||||
ReadonlyPaths: []string{
|
||||
"/proc/asound",
|
||||
|
|
Загрузка…
Ссылка в новой задаче