From 3c7f68ff6cc005240471f43b85fc672cfe372794 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 27 Oct 2023 12:20:58 -0400
Subject: [PATCH] Add masked paths and readonly paths to config

Podman and Buildah have gone out of sync, this will allow us to make sure they stay in sync.

Signed-off-by: Daniel J Walsh
---
 pkg/config/default.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/pkg/config/default.go b/pkg/config/default.go
index 096de8a75..b60c4345b 100644
--- a/pkg/config/default.go
+++ b/pkg/config/default.go
@@ -37,6 +37,30 @@ const (
 )

 var (
+ DefaultMaskedPaths = []string{
+ "/proc/acpi",
+ "/proc/kcore",
+ "/proc/keys",
+ "/proc/latency_stats",
+ "/proc/sched_debug",
+ "/proc/scsi",
+ "/proc/timer_list",
+ "/proc/timer_stats",
+ "/sys/dev/block",
+ "/sys/devices/virtual/powercap",
+ "/sys/firmware",
+ "/sys/fs/selinux",
+ }
+
+ DefaultReadOnlyPaths = []string{
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger",
+ }
+
 // DefaultInfraImage is the default image to run as infrastructure containers in pods.
 DefaultInfraImage = ""
 // DefaultRootlessSHMLockPath is the default path for rootless SHM locks.
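Review bot: `DefaultMaskedPaths` and `DefaultReadOnlyPaths` are added as exported, mutable package-level slices with no doc comments, unlike `DefaultInfraImage` directly below them. These lists are security defaults (which /proc and /sys entries are hidden or kept read-only), so a caller that appends to or edits either slice in place would change the defaults for every other user in the same process; this is inferred from the declarations, since no call sites are visible in the hunk. I would add comments such as `// DefaultMaskedPaths is the default list of paths masked inside containers; copy before modifying.` and `// DefaultReadOnlyPaths is the default list of paths kept read-only inside containers; copy before modifying.`, and have consumers take a copy (for example with `slices.Clone`) when building a container spec. The `var (` block continues past the end of the hunk.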