update initialWhitelist instead of whitelist

pkg/util/fs_util.go

@@ -817,7 +817,8 @@ func UpdateWhitelist(whitelistVarRun bool) {
 	if !whitelistVarRun {
 		return
 	}
-	whitelist = append(initialWhitelist, WhitelistEntry{
+	logrus.Trace("Adding /var/run to initialWhitelist ")
+	initialWhitelist = append(initialWhitelist, WhitelistEntry{
 		// /var/run is a special case. It's common to mount in /var/run/docker.sock or something similar
 		// which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist
 		// in the image with no way to tell if it came from the base image or not.

pkg/util/fs_util_test.go

@@ -1305,22 +1305,16 @@ func TestUpdateWhitelist(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			whitelist = initialWhitelist
+			original := initialWhitelist
-			defer func() { whitelist = initialWhitelist }()
+			defer func() { initialWhitelist = original }()
-			sort.Slice(tt.expected, func(i, j int) bool {
-				return tt.expected[i].Path < tt.expected[j].Path
-			})
-			sort.Slice(whitelist, func(i, j int) bool {
-				return whitelist[i].Path < whitelist[j].Path
-			})
 			UpdateWhitelist(tt.whitelistVarRun)
 			sort.Slice(tt.expected, func(i, j int) bool {
 				return tt.expected[i].Path < tt.expected[j].Path
 			})
-			sort.Slice(whitelist, func(i, j int) bool {
+			sort.Slice(initialWhitelist, func(i, j int) bool {
-				return whitelist[i].Path < whitelist[j].Path
+				return initialWhitelist[i].Path < initialWhitelist[j].Path
 			})
-			testutil.CheckDeepEqual(t, tt.expected, whitelist)
+			testutil.CheckDeepEqual(t, tt.expected, initialWhitelist)
 		})
 	}
 }