From 61e2a38de517a4ccaf71f47aa967a87f7cf70e98 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Fri, 3 Nov 2017 15:12:22 +0000
Subject: [PATCH] Add /proc/scsi to masked paths

This is writeable, and can be used to remove devices. Containers do
not need to know about scsi devices.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
Component: engine
---
 components/engine/oci/defaults.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/engine/oci/defaults.go b/components/engine/oci/defaults.go
index 0cc07ffa13..41880710bd 100644
--- a/components/engine/oci/defaults.go
+++ b/components/engine/oci/defaults.go
@@ -119,6 +119,7 @@ func DefaultLinuxSpec() specs.Spec {
 			"/proc/timer_list",
 			"/proc/timer_stats",
 			"/proc/sched_debug",
+			"/proc/scsi",
 		},
 		ReadonlyPaths: []string{
 			"/proc/asound",