container/initdev: mount tmpfs on shm for ro dev

Programs expect /dev/shm to be a writable tmpfs. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 03:15:32 +09:00
parent 07194c74cb
commit 9bc8532d56
12 changed files with 30 additions and 9 deletions
--- a/internal/app/container_linux.go
+++ b/internal/app/container_linux.go
@@ -233,7 +233,9 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid

 	// no more ContainerConfig paths beyond this point
 	if !s.Device {
-		params.Remount(container.AbsFHSDev, syscall.MS_RDONLY)
+		params.
+			Remount(container.AbsFHSDev, syscall.MS_RDONLY).
+			Tmpfs(container.AbsFHSDev.Append("shm"), 0, 01777)
 	}

 	return params, maps.Clone(s.Env), nil