From caa22ea14896efe561f0e4712f56f074144f5674 Mon Sep 17 00:00:00 2001
From: Douglas Landgraf
Date: Wed, 26 Feb 2025 11:36:42 -0500
Subject: [PATCH] qm.container: add tmpfs additional flags (#727)

Resolves: https://github.com/containers/qm/issues/723
Signed-off-by: Douglas Schilling Landgraf
---
 qm.container | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/qm.container b/qm.container
index bb1ca1df..ee8a265b 100644
--- a/qm.container
+++ b/qm.container
@@ -80,11 +80,18 @@ Network=private
 # Makes the container's filesystem read-only, enhancing security by preventing modifications.
 ReadOnly=true
+# TmpFS flags
+ReadOnlyTmpfs=false
+Mount=type=tmpfs,tmpfs-size=512M,destination=/tmp
+Mount=type=tmpfs,tmpfs-size=512M,destination=/run
+Mount=type=tmpfs,destination=/dev/shm
+
 # Rootfs
 # ------
 # Defines the root filesystem location for QM partition.
 # By default the '${ROOTFS}' variable points to /usr/lib/qm/rootfs.
 # For details see: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#rootfs
+#
 Rootfs=${ROOTFS}
 SecurityLabelNested=true
@@ -94,3 +101,4 @@ SecurityLabelType=qm_t
 Timezone=local
 Volume=${RWETCFS}:/etc
 Volume=${RWVARFS}:/var
+
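Review bot: The `/dev/shm` mount in the first hunk is the only one of the three added tmpfs mounts without a `tmpfs-size=` option, so its size is left to the runtime default while `/tmp` and `/run` are capped at 512M. Because `ReadOnlyTmpfs=false` appears to switch off Podman's automatic tmpfs mounts for a read-only container, these `Mount=` lines become the only place where a limit on in-memory scratch space is declared. Consider `Mount=type=tmpfs,tmpfs-size=<SIZE>,destination=/dev/shm`, with a value chosen for the QM partition's memory budget. The `# TmpFS flags` comment would also help more if it stated the intent, for example `# Disable Podman's implicit tmpfs mounts and declare size-bounded ones explicitly`.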