Add /proc/keys to masked paths

thaJeztah · thaJeztah · commit fe64b06a6d13 · 2018-07-06T18:46:45.000+02:00
This leaks information about keyrings on the host. Keyrings are
not namespaced.

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/oci/spec_unix.go b/oci/spec_unix.go
@@ -155,6 +155,7 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) {
 			MaskedPaths: []string{
 				"/proc/acpi",
 				"/proc/kcore",
+				"/proc/keys",
 				"/proc/latency_stats",
 				"/proc/timer_list",
 				"/proc/timer_stats",
