summaryrefslogtreecommitdiffhomepage
path: root/website/blog/2019-11-18-security-basics.md
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2020-08-19 18:35:35 -0700
committergVisor bot <gvisor-bot@google.com>2020-08-19 18:37:42 -0700
commitbe76c7ce6eb8f2a76c876b500aefc6f0fd8e30ba (patch)
tree026860ed255b567b63c2e8c2e2cf832060a99a67 /website/blog/2019-11-18-security-basics.md
parent6335704625819914768800c16e82623a65fa6755 (diff)
Move boot.Config to its own package
Updates #3494 PiperOrigin-RevId: 327548511
Diffstat (limited to 'website/blog/2019-11-18-security-basics.md')
-rw-r--r--website/blog/2019-11-18-security-basics.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/website/blog/2019-11-18-security-basics.md b/website/blog/2019-11-18-security-basics.md
index 76bbabc13..2256ee9d5 100644
--- a/website/blog/2019-11-18-security-basics.md
+++ b/website/blog/2019-11-18-security-basics.md
@@ -188,7 +188,7 @@ for direct access to some files. And most files will be remotely accessed
through the Gofers, in which case no FDs are donated to the Sentry.
The Sentry itself is only allowed access to specific
-[whitelisted syscalls](https://github.com/google/gvisor/blob/master/runsc/boot/config.go).
+[whitelisted syscalls](https://github.com/google/gvisor/blob/master/runsc/config/config.go).
Without networking, the Sentry needs 53 host syscalls in order to function, and
with networking, it uses an additional 15[^8]. By limiting the whitelist to only
these needed syscalls, we radically reduce the amount of host OS attack surface.