From bfdb0f3cb86244b7b17d83c6c9aef858245815b4 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 18 Jul 2017 20:52:31 +0000
Subject: [PATCH] /dev should be constrained in size

There really is no reason why anyone should create content in /dev other then device nodes. Limiting it size to the 64 k size limit.

Signed-off-by: Daniel J Walsh
---
 oci/defaults.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oci/defaults.go b/oci/defaults.go
index 4376faf5a7..083726e12d 100644
--- a/oci/defaults.go
+++ b/oci/defaults.go
@@ -91,7 +91,7 @@ func DefaultLinuxSpec() specs.Spec {
 Destination: "/dev",
 Type: "tmpfs",
 Source: "tmpfs",
- Options: []string{"nosuid", "strictatime", "mode=755"},
+ Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
 },
 {
 Destination: "/dev/pts",
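Review bot: The new `"size=65536k"` option on the `/dev` tmpfs is 65536 KiB, i.e. 64 MiB, not the "64 k" limit the commit message describes, and nothing in the code records which was intended. Since this cap is what stops a container from filling a memory-backed `/dev` with ordinary files, I would document it on the mount entry, e.g. `// tmpfs is memory-backed: cap /dev at 64 MiB (65536k) so it cannot be used to exhaust memory`. `size=` bounds data only; whether the inode count also needs a bound (tmpfs accepts `nr_inodes=`) is worth checking. `DefaultLinuxSpec` begins and ends outside this hunk, so other tmpfs mounts in the spec are not visible here and may need the same review.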