Add /proc/scsi to masked paths

This is writeable, and can be used to remove devices. Containers do not need to know about scsi devices. Signed-off-by: Justin Cormack <justin.cormack@docker.com> Upstream-commit: a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1 Component: engine
2017-11-03 15:12:22 +00:00
parent 593039ced7
commit 61e2a38de5
1 changed files with 1 additions and 0 deletions
--- a/components/engine/oci/defaults.go
+++ b/components/engine/oci/defaults.go
@ -119,6 +119,7 @@ func DefaultLinuxSpec() specs.Spec {
 			"/proc/timer_list",
 			"/proc/timer_stats",
 			"/proc/sched_debug",
+			"/proc/scsi",
 		},
 		ReadonlyPaths: []string{
 			"/proc/asound",