diff options
| -rw-r--r-- | pkg/spec/spec.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index ac894c00c..255b70045 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -79,6 +79,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } g.AddMount(devMqueue) } + if inUserNS && config.PidMode.IsHost() { + g.RemoveMount("/proc") + procMount := spec.Mount{ + Destination: "/proc", + Type: "bind", + Source: "/proc", + Options: []string{"rbind", "nosuid", "noexec", "nodev"}, + } + g.AddMount(procMount) + } if addCgroup { cgroupMnt := spec.Mount{ |