Ignore /proc/sys/fs/binfmt_misc by default

disk/assets/configuration/spec.yaml

@@ -26,7 +26,8 @@ files:
             description: |
               Instruct the check to always add these patterns to `mount_point_blacklist`.
             value:
-              example: []
+              example:
+                - /proc/sys/fs/binfmt_misc$
               type: array
               items:
                 type: string

disk/datadog_checks/disk/data/conf.yaml.default

@@ -16,7 +16,8 @@ init_config:
     ## @param mount_point_global_blacklist - list of strings - optional
     ## Instruct the check to always add these patterns to `mount_point_blacklist`.
     #
-    # mount_point_global_blacklist: []
+    # mount_point_global_blacklist:
+    #   - /proc/sys/fs/binfmt_misc$
 
 ## Every instance is scheduled independent of the others.
 #

disk/datadog_checks/disk/disk.py

@@ -438,4 +438,8 @@ def get_default_device_blacklist():
 
     @staticmethod
     def get_default_mount_mount_blacklist():
-        return []
+        return [
+            # https://github.com/DataDog/datadog-agent/issues/1961
+            # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1049
+            '/proc/sys/fs/binfmt_misc$'
+        ]

disk/tests/test_filter.py

@@ -39,7 +39,7 @@ def test_bad_config_string_regex():
     assert_regex_equal(c._device_whitelist, re.compile('test', IGNORE_CASE))
     assert_regex_equal(c._device_blacklist, re.compile('test', IGNORE_CASE))
     assert_regex_equal(c._mount_point_whitelist, re.compile('test', IGNORE_CASE))
-    assert_regex_equal(c._mount_point_blacklist, re.compile('test', IGNORE_CASE))
+    assert_regex_equal(c._mount_point_blacklist, re.compile('test|/proc/sys/fs/binfmt_misc$', IGNORE_CASE))
 
 
 def test_ignore_empty_regex():
@@ -58,7 +58,7 @@ def test_ignore_empty_regex():
     assert_regex_equal(c._device_whitelist, re.compile('test', IGNORE_CASE))
     assert_regex_equal(c._device_blacklist, re.compile('test', IGNORE_CASE))
     assert_regex_equal(c._mount_point_whitelist, re.compile('test', IGNORE_CASE))
-    assert_regex_equal(c._mount_point_blacklist, re.compile('test', IGNORE_CASE))
+    assert_regex_equal(c._mount_point_blacklist, re.compile('test|/proc/sys/fs/binfmt_misc$', IGNORE_CASE))
 
 
 def test_exclude_bad_devices():
@@ -191,7 +191,7 @@ def test_legacy_config():
 
     assert_regex_equal(c._file_system_blacklist, re.compile('iso9660$|test$', re.I))
     assert_regex_equal(c._device_blacklist, re.compile('test1$|test2', IGNORE_CASE))
-    assert_regex_equal(c._mount_point_blacklist, re.compile('test', IGNORE_CASE))
+    assert_regex_equal(c._mount_point_blacklist, re.compile('/proc/sys/fs/binfmt_misc$|test', IGNORE_CASE))
 
 
 def test_legacy_exclude_disk():

disk/tests/test_unit.py

@@ -11,6 +11,7 @@
 from datadog_checks.base.utils.platform import Platform
 from datadog_checks.base.utils.timeout import TimeoutException
 from datadog_checks.disk import Disk
+from datadog_checks.disk.disk import IGNORE_CASE
 
 from .common import DEFAULT_DEVICE_BASE_NAME, DEFAULT_DEVICE_NAME, DEFAULT_FILE_SYSTEM, DEFAULT_MOUNT_POINT
 from .mocks import MockDiskMetrics, MockPart, mock_blkid_output
@@ -26,7 +27,7 @@ def test_default_options():
     assert check._device_whitelist is None
     assert check._device_blacklist is None
     assert check._mount_point_whitelist is None
-    assert check._mount_point_blacklist is None
+    assert check._mount_point_blacklist == re.compile('/proc/sys/fs/binfmt_misc$', IGNORE_CASE)
     assert check._tag_by_filesystem is False
     assert check._device_tag_re == []
     assert check._service_check_rw is False