We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
moby
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Merge pull request from GHSA-jq35-85cj-fj4p

[23.0 backport] deny /sys/devices/virtual/powercap
Sebastiaan van Stijn 1 年之前
父節點
0360dbe11d dda228b984
當前提交
48ebe353e4
共有 2 個文件被更改,包括 2 次插入0 次删除
統一視圖 顯示文件統計
  1. 1 0
      oci/defaults.go
  2. 1 0
      profiles/apparmor/template.go

+ 1 - 0
oci/defaults.go
查看文件 

@@ -98,6 +98,7 @@ func DefaultLinuxSpec() specs.Spec {
 
 				"/proc/sched_debug",
 
 				"/proc/sched_debug",
 
 				"/proc/scsi",
 
 				"/proc/scsi",
 
 				"/sys/firmware",
 
 				"/sys/firmware",
 
+				"/sys/devices/virtual/powercap",
 
 			},
 
 			},
 
 			ReadonlyPaths: []string{
 
 			ReadonlyPaths: []string{
 
 				"/proc/bus",
 
 				"/proc/bus",

+ 1 - 0
profiles/apparmor/template.go
查看文件 

@@ -49,6 +49,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 
   deny /sys/fs/c[^g]*/** wklx,
 
   deny /sys/fs/c[^g]*/** wklx,
 
   deny /sys/fs/cg[^r]*/** wklx,
 
   deny /sys/fs/cg[^r]*/** wklx,
 
   deny /sys/firmware/** rwklx,
 
   deny /sys/firmware/** rwklx,
 
+  deny /sys/devices/virtual/powercap/** rwklx,
 
   deny /sys/kernel/security/** rwklx,
 
   deny /sys/kernel/security/** rwklx,
 
 
 
 {{if ge .Version 208095}}
 
 {{if ge .Version 208095}}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5