jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding /proc/timer_list to the masked paths list 

/proc/timer_list seems to leak information about the host. Here is
an example from a busybox container running on docker+kubernetes.

 # cat /proc/timer_list | grep -i -e kube
 <ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497
 <ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478
 <ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470
 <ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas 2016-08-11 15:03:47 -04:00
parent 0f76457138
commit 27915db384
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
spec.go
View File

@ -149,6 +149,7 @@ container on your host.`,
MaskedPaths: []string{
"/proc/kcore",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
},