From 95824f44c088b34c2f3391155163d0ce9b244dfa Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Thu, 11 Aug 2016 15:12:35 -0400 Subject: [PATCH] Adding /proc/timer_list to the masked paths list /proc/timer_list seems to leak information about the host. Here is an example from a busybox container running on docker+kubernetes. # cat /proc/timer_list | grep -i -e kube , hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497 , hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478 , hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470 , hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499 Signed-Off-By: Davanum Srinivas Signed-off-by: Davanum Srinivas Upstream-commit: 03bd00b68f28062ef6b09a43a4c381af63b91673 Component: engine
---
 components/engine/oci/defaults_linux.go | 1 + 1 file changed, 1 insertion(+)
diff --git a/components/engine/oci/defaults_linux.go b/components/engine/oci/defaults_linux.go
index 796166bdb3..5f93a9af94 100644
--- a/components/engine/oci/defaults_linux.go
+++ b/components/engine/oci/defaults_linux.go
@@ -81,6 +81,7 @@ func DefaultSpec() specs.Spec {
 MaskedPaths: []string{
 "/proc/kcore",
 "/proc/latency_stats",
+ "/proc/timer_list",
 "/proc/timer_stats",
 "/proc/sched_debug",
 },
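Review bot: The new `"/proc/timer_list"` entry in `MaskedPaths` has no comment saying why it is masked, so the reason (host process names and PIDs such as `kubelet/2497` readable from inside a container, per the commit message) is recorded only in the commit log. I would add a comment above the list along the lines of `// MaskedPaths hides procfs files that expose host-wide kernel state, e.g. timer_list reveals host process names and PIDs.` Because the list is a deny-list, a small test asserting that the default spec's masked paths contain this entry would also keep a later refactor of the defaults from dropping it silently. Whether these defaults apply to every container mode cannot be seen from here, since the body of `DefaultSpec` starts and ends outside the hunk.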