From 297f41e25ac264a5fb3394d29ba1491a06741dbc Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Wed, 5 Apr 2017 11:40:22 +0100
Subject: [PATCH] Add the standard options Docker sets for /proc

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 src/cmd/moby/config.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cmd/moby/config.go b/src/cmd/moby/config.go
index b7ebef06c..d90860f89 100644
--- a/src/cmd/moby/config.go
+++ b/src/cmd/moby/config.go
@@ -116,6 +116,7 @@ func ConfigInspectToOCI(image *MobyImage, inspect types.ImageInspect) ([]byte, e
 	if cwd == "" {
 		cwd = "/"
 	}
+	procOptions := []string{"nosuid", "nodev", "noexec", "relatime"}
 	devOptions := []string{"nosuid", "strictatime", "mode=755", "size=65536k"}
 	if image.Readonly {
 		devOptions = append(devOptions, "ro")
@@ -128,7 +129,7 @@ func ConfigInspectToOCI(image *MobyImage, inspect types.ImageInspect) ([]byte, e
 	cgroupOptions := []string{"nosuid", "noexec", "nodev", "relatime", "ro"}
 	// note omits "standard" /dev/shm and /dev/mqueue
 	mounts := []specs.Mount{
-		{Destination: "/proc", Type: "proc", Source: "proc"},
+		{Destination: "/proc", Type: "proc", Source: "proc", Options: procOptions},
 		{Destination: "/dev", Type: "tmpfs", Source: "tmpfs", Options: devOptions},
 		{Destination: "/dev/pts", Type: "devpts", Source: "devpts", Options: ptsOptions},
 		{Destination: "/sys", Type: "sysfs", Source: "sysfs", Options: sysOptions},