moby/oci at 68906e6dcdd115be8b12913a7d1c4d9c4db6c495 - moby

mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00

Files

Antonio Murdaca 569b9702a5 Add /proc/acpi to masked paths

The deafult OCI linux spec in oci/defaults{_linux}.go in Docker/Moby
from 1.11 to current upstream master does not block /proc/acpi pathnames
allowing attackers to modify host's hardware like enabling/disabling
bluetooth or turning up/down keyboard brightness. SELinux prevents all
of this if enabled.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

2018-07-05 17:39:52 +02:00

defaults.go

Add /proc/acpi to masked paths

2018-07-05 17:39:52 +02:00

devices_linux.go

Various code-cleanup

2018-05-23 17:50:54 +02:00

devices_unsupported.go

Add canonical import comment

2018-02-05 16:51:57 -05:00

namespaces.go

Various code-cleanup

2018-05-23 17:50:54 +02:00