From abad5830c8d50db01ea4eef12b7cffd23ba61c9a Mon Sep 17 00:00:00 2001
From: Douglas Schilling Landgraf <dougsland@redhat.com>
Date: Fri, 21 Feb 2025 08:46:25 -0500
Subject: [PATCH] qm.container: add tmpfs additional flags

Resolves: https://github.com/containers/qm/issues/723
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
---
 qm.container | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/qm.container b/qm.container
index bb1ca1df..17133b76 100644
--- a/qm.container
+++ b/qm.container
@@ -80,11 +80,19 @@ Network=private
 # Makes the container's filesystem read-only, enhancing security by preventing modifications.
 ReadOnly=true
 
+# TmpFS flags
+ReadOnlyTmpfs=false
+Mount=type=tmpfs,tmpfs-size=512M,destination=/tmp
+Mount=type=tmpfs,tmpfs-size=512M,destination=/run
+
 # Rootfs
 # ------
 # Defines the root filesystem location for QM partition.
 # By default the '${ROOTFS}' variable points to /usr/lib/qm/rootfs.
 # For details see: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#rootfs
+#
+# TmpFS flags
+# -----------------
 Rootfs=${ROOTFS}
 
 SecurityLabelNested=true
@@ -94,3 +102,4 @@ SecurityLabelType=qm_t
 Timezone=local
 Volume=${RWETCFS}:/etc
 Volume=${RWVARFS}:/var
+