From aa5dd2313c5edee0337280640566e11c6c977552 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Tue, 15 Oct 2024 02:54:50 +0900
Subject: [PATCH] app: filter /tmp from permissive default

Tmpdir is bind mounted over further along in execution so there is no point sharing it here.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 internal/app/seal.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/app/seal.go b/internal/app/seal.go
index 146bcc5..bf634c4 100644
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -134,6 +134,7 @@ func (a *app) Seal(config *Config) error {
 				case "proc":
 				case "dev":
 				case "run":
+				case "tmp":
 				case "mnt":
 				default:
 					p := "/" + name