From 8b1772c86b20d06ae6bd8ccf4b20f6df4cd86b62 Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Wed, 12 Oct 2016 06:07:13 +0000
Subject: [PATCH] oci/defaults_linux.go: mask /sys/firmware

On typical x86_64 machines, /sys/firmware can contain SMBIOS and ACPI tables. There is no need to expose the directory to containers.

Signed-off-by: Akihiro Suda
---
oci/defaults_linux.go | 1 +
1 file changed, 1 insertion(+)

diff --git a/oci/defaults_linux.go b/oci/defaults_linux.go
index 227caca960..8b3ce7281b 100644
--- a/oci/defaults_linux.go
+++ b/oci/defaults_linux.go
@@ -83,6 +83,7 @@ func DefaultSpec() specs.Spec {
 "/proc/timer_list",
 "/proc/timer_stats",
 "/proc/sched_debug",
+ "/sys/firmware",
 },
 ReadonlyPaths: []string{
 "/proc/asound",
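Review bot: The added `"/sys/firmware"` entry is a directory, while the three entries visible above it in this list are /proc files, so the mask only takes effect if the runtime consuming this spec can mask a directory. A bind mount of /dev/null, the usual way to mask a file, cannot cover one, so it is worth confirming that the vendored runtime handles this case. Nothing in the hunk records why the path is masked; a comment on the new line such as `// directory: exposes host SMBIOS and ACPI tables (hardware identifiers)` would keep the reason next to the entry. The patch also adds no test, and an integration check that /sys/firmware appears empty inside a default container would catch a silent regression. DefaultSpec begins and ends outside the hunk, so whether this list is applied to every container configuration cannot be judged from here.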