From 537905ba2c587fc9c5ae5c52b96b19c5d68beeaa Mon Sep 17 00:00:00 2001
From: Maksim An <maksiman@microsoft.com>
Date: Thu, 21 Apr 2022 17:48:04 -0700
Subject: [PATCH] Hold lock when updating DefaultMounts

Signed-off-by: Maksim An <maksiman@microsoft.com>
---
 pkg/securitypolicy/securitypolicyenforcer.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/securitypolicy/securitypolicyenforcer.go b/pkg/securitypolicy/securitypolicyenforcer.go
index 5b17589838..72a4ae9314 100644
--- a/pkg/securitypolicy/securitypolicyenforcer.go
+++ b/pkg/securitypolicy/securitypolicyenforcer.go
@@ -616,6 +616,9 @@ func (pe *StandardSecurityPolicyEnforcer) enforceDefaultMounts(specMount oci.Mou
 }
 
 func (pe *StandardSecurityPolicyEnforcer) ExtendDefaultMounts(defaultMounts []oci.Mount) error {
+	pe.mutex.Lock()
+	defer pe.mutex.Unlock()
+
 	for _, mnt := range defaultMounts {
 		pe.DefaultMounts = append(pe.DefaultMounts, newMountConstraint(
 			mnt.Source,