diff --git a/oci/spec.go b/oci/spec.go
index 6fb31e454..b83f40ac6 100644
--- a/oci/spec.go
+++ b/oci/spec.go
@@ -167,6 +167,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 				Destination: "/proc",
 				Type:        "proc",
 				Source:      "proc",
+				Options:     []string{"nosuid", "noexec", "nodev"},
 			},
 			{
 				Destination: "/dev",