Merge pull request from GHSA-jq35-85cj-fj4p
[master] deny /sys/devices/virtual/powercap
commit
c9ccbfad11
2 changed files with 2 additions and 0 deletions
|
@ -113,6 +113,7 @@ func DefaultLinuxSpec() specs.Spec {
|
||||||
"/proc/sched_debug",
|
"/proc/sched_debug",
|
||||||
"/proc/scsi",
|
"/proc/scsi",
|
||||||
"/sys/firmware",
|
"/sys/firmware",
|
||||||
|
"/sys/devices/virtual/powercap",
|
||||||
},
|
},
|
||||||
ReadonlyPaths: []string{
|
ReadonlyPaths: []string{
|
||||||
"/proc/bus",
|
"/proc/bus",
|
||||||
|
|
|
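Review bot: The new `"/sys/devices/virtual/powercap"` entry, in the list that closes just before `ReadonlyPaths` (presumably the masked paths), has no comment saying why it is there, and the commit adds no test that pins it. A one-line comment above the entry, such as `// powercap sysfs tree, masked per GHSA-jq35-85cj-fj4p`, would keep a later cleanup from dropping it; the same applies to the `deny /sys/devices/virtual/powercap/** rwklx,` line in the second file. A small test asserting that the spec returned by DefaultLinuxSpec still contains this path would guard against a silent regression. DefaultLinuxSpec's body starts and ends outside the hunk.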
@ -46,6 +46,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
||||||
deny /sys/fs/c[^g]*/** wklx,
|
deny /sys/fs/c[^g]*/** wklx,
|
||||||
deny /sys/fs/cg[^r]*/** wklx,
|
deny /sys/fs/cg[^r]*/** wklx,
|
||||||
deny /sys/firmware/** rwklx,
|
deny /sys/firmware/** rwklx,
|
||||||
|
deny /sys/devices/virtual/powercap/** rwklx,
|
||||||
deny /sys/kernel/security/** rwklx,
|
deny /sys/kernel/security/** rwklx,
|
||||||
|
|
||||||
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
|
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
|
||||||
|
|
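Review bot: The added `deny /sys/devices/virtual/powercap/** rwklx,` rule only covers containers that actually run under this generated profile; a container started with a custom profile or without AppArmor relies solely on the path entry added in the other file. Because the two lists are maintained by hand, a comment above the rule such as `# keep in sync with the masked paths in the default Linux spec` would make that coupling visible. The `/**` pattern matches entries below the directory, which is consistent with the neighbouring `/sys/firmware/**` rule. The profile block starts and ends outside the hunk.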