summaryrefslogtreecommitdiffhomepage
path: root/website/blog/2019-11-18-security-basics.md
diff options
context:
space:
mode:
Diffstat (limited to 'website/blog/2019-11-18-security-basics.md')
-rw-r--r--website/blog/2019-11-18-security-basics.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/website/blog/2019-11-18-security-basics.md b/website/blog/2019-11-18-security-basics.md
index 76bbabc13..2256ee9d5 100644
--- a/website/blog/2019-11-18-security-basics.md
+++ b/website/blog/2019-11-18-security-basics.md
@@ -188,7 +188,7 @@ for direct access to some files. And most files will be remotely accessed
through the Gofers, in which case no FDs are donated to the Sentry.
The Sentry itself is only allowed access to specific
-[whitelisted syscalls](https://github.com/google/gvisor/blob/master/runsc/boot/config.go).
+[whitelisted syscalls](https://github.com/google/gvisor/blob/master/runsc/config/config.go).
Without networking, the Sentry needs 53 host syscalls in order to function, and
with networking, it uses an additional 15[^8]. By limiting the whitelist to only
these needed syscalls, we radically reduce the amount of host OS attack surface.