From 94c33d4f946653f635e1d1abdb98009a1e4e54ef Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Wed, 19 Sep 2018 13:29:56 -0400
Subject: [PATCH] Add nosuid,noexec,nodev to proc

This is to match the same mount options as the host.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 oci/spec.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/oci/spec.go b/oci/spec.go
index 6fb31e454..b83f40ac6 100644
--- a/oci/spec.go
+++ b/oci/spec.go
@@ -167,6 +167,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 				Destination: "/proc",
 				Type:        "proc",
 				Source:      "proc",
+				Options:     []string{"nosuid", "noexec", "nodev"},
 			},
 			{
 				Destination: "/dev",