569b9702a5
The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current upstream master does not block /proc/acpi pathnames, allowing attackers to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. SELinux prevents all of this if enabled.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

- defaults.go
- devices_linux.go
- devices_unsupported.go
- namespaces.go