Add /proc/keys to masked paths

This leaks information about keyrings on the host. Keyrings are
not namespaced.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

Author: justincormack

oci/defaults_linux.go

@@ -80,6 +80,7 @@ func DefaultSpec() specs.Spec {
 		MaskedPaths: []string{
 			"/proc/acpi",
 			"/proc/kcore",
+			"/proc/keys",
 			"/proc/latency_stats",
 			"/proc/timer_list",
 			"/proc/timer_stats",