From a62a95789c14cc09727bd18a3ceb987b9f438868 Mon Sep 17 00:00:00 2001
From: wllenyj <wllenyj@linux.alibaba.com>
Date: Tue, 10 May 2022 01:09:32 +0800
Subject: [PATCH] CRI: remove default /dev/shm mount in Sandbox.

This's an optimization to get rid of redundant `/dev/shm" mounts for pause container.
In `oci.defaultMounts`, there is a default `/dev/shm` mount which is redundant for
pause container.

Fixes: #6911

Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Lei Wang  <wllenyj@linux.alibaba.com>
---
 pkg/cri/server/sandbox_run_linux.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/cri/server/sandbox_run_linux.go b/pkg/cri/server/sandbox_run_linux.go
index c4485e2fa..e18b20c8b 100644
--- a/pkg/cri/server/sandbox_run_linux.go
+++ b/pkg/cri/server/sandbox_run_linux.go
@@ -101,6 +101,8 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 	if nsOptions.GetIpc() == runtime.NamespaceMode_NODE {
 		sandboxDevShm = devShm
 	}
+	// Remove the default /dev/shm mount from defaultMounts, it is added in oci/mounts.go.
+	specOpts = append(specOpts, oci.WithoutMounts(devShm))
 	specOpts = append(specOpts, oci.WithMounts([]runtimespec.Mount{
 		{
 			Source:      sandboxDevShm,