diff --git a/oci/spec.go b/oci/spec.go index 035bb7e7d..34d766230 100644 --- a/oci/spec.go +++ b/oci/spec.go @@ -161,50 +161,6 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error { }, }, }, - Mounts: []specs.Mount{ - { - Destination: "/proc", - Type: "proc", - Source: "proc", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - { - Destination: "/dev", - Type: "tmpfs", - Source: "tmpfs", - Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, - }, - { - Destination: "/dev/pts", - Type: "devpts", - Source: "devpts", - Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"}, - }, - { - Destination: "/dev/shm", - Type: "tmpfs", - Source: "shm", - Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"}, - }, - { - Destination: "/dev/mqueue", - Type: "mqueue", - Source: "mqueue", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - { - Destination: "/sys", - Type: "sysfs", - Source: "sysfs", - Options: []string{"nosuid", "noexec", "nodev", "ro"}, - }, - { - Destination: "/run", - Type: "tmpfs", - Source: "tmpfs", - Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, - }, - }, Linux: &specs.Linux{ MaskedPaths: []string{ "/proc/acpi", @@ -237,6 +193,7 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error { Namespaces: defaultUnixNamespaces(), }, } + s.Mounts = defaultMounts() return nil } diff --git a/oci/spec_freebsd.go b/oci/spec_freebsd.go new file mode 100644 index 000000000..f89d890ae --- /dev/null +++ b/oci/spec_freebsd.go @@ -0,0 +1,40 @@ +package oci + +import ( + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +func defaultMounts() []specs.Mount { + return []specs.Mount{ + { + Destination: "/proc", + Type: "procfs", + Source: "proc", + Options: []string{"nosuid", "noexec"}, + }, + { + Destination: "/dev", + Type: "devfs", + Source: "devfs", + Options: []string{}, + }, + { + Destination: "/dev/fd", + Type: "fdescfs", + Source: "fdescfs", + Options: []string{}, + }, + { + Destination: "/dev/mqueue", + Type: "mqueue", + Source: "mqueue", + Options: []string{"nosuid", "noexec"}, + }, + { + Destination: "/dev/shm", + Type: "tmpfs", + Source: "shm", + Options: []string{"nosuid", "noexec", "mode=1777"}, + }, + } +} diff --git a/oci/spec_linux.go b/oci/spec_linux.go new file mode 100644 index 000000000..1ac1cc28a --- /dev/null +++ b/oci/spec_linux.go @@ -0,0 +1,52 @@ +package oci + +import ( + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +func defaultMounts() []specs.Mount { + return []specs.Mount{ + { + Destination: "/proc", + Type: "proc", + Source: "proc", + Options: []string{"nosuid", "noexec", "nodev"}, + }, + { + Destination: "/dev", + Type: "tmpfs", + Source: "tmpfs", + Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, + }, + { + Destination: "/dev/pts", + Type: "devpts", + Source: "devpts", + Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"}, + }, + { + Destination: "/dev/shm", + Type: "tmpfs", + Source: "shm", + Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"}, + }, + { + Destination: "/dev/mqueue", + Type: "mqueue", + Source: "mqueue", + Options: []string{"nosuid", "noexec", "nodev"}, + }, + { + Destination: "/sys", + Type: "sysfs", + Source: "sysfs", + Options: []string{"nosuid", "noexec", "nodev", "ro"}, + }, + { + Destination: "/run", + Type: "tmpfs", + Source: "tmpfs", + Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"}, + }, + } +}