Skip to content

Commit

Permalink
Adding /proc/timer_list to the masked paths list
Browse files Browse the repository at this point in the history 
/proc/timer_list seems to leak information about the host. Here is
an example from a busybox container running on docker+kubernetes.

 # cat /proc/timer_list | grep -i -e kube
 <ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497
 <ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478
 <ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470
 <ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499

Signed-Off-By: Davanum Srinivas <davanum@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
  • Loading branch information
@dims
dims committed Aug 11, 2016
1 parent faaab62 commit 03bd00b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions oci/defaults_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@ func DefaultSpec() specs.Spec {
MaskedPaths: []string{
"/proc/kcore",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
},
Expand Down

0 comments on commit 03bd00b

Please sign in to comment.