Change dev and proc bwrap flags

2 files changed, 10 insertions, 11 deletions

diff --git a/src/main/java/io/github/jshipit/ContainerManager.java b/src/main/java/io/github/jshipit/ContainerManager.java
index eed8e48..d97f1f3 100644
--- a/src/main/java/io/github/jshipit/ContainerManager.java
+++ b/src/main/java/io/github/jshipit/ContainerManager.java
@@ -209,13 +209,6 @@ public class ContainerManager {
             }
         }
 
-        if (configParser.getBoolean("permissions.mount-dev")) {
-            bwrapCommand.add("--dev /dev"); // Mount /dev
-        }
-
-        if (configParser.getBoolean("permissions.mount-proc")) {
-            bwrapCommand.add("--proc /proc"); // Mount /proc
-        }
 
         if (!configParser.getBoolean("permissions.unshare-net")) {
             bwrapCommand.add("--ro-bind /etc/resolv.conf /etc/resolv.conf"); // Bind the host resolv.conf to the container
@@ -251,12 +244,16 @@ public class ContainerManager {
         }
 
         if (configParser.getBoolean("permissions.mount-dev")) {
-            bwrapCommand.add("--dev /dev"); // Mount /dev
-        }
+            bwrapCommand.add("--dev-bind /dev /dev"); // Mount /dev
+        } else {
+	    bwrapCommand.add("--dev /dev"); // Make sure a seperate devfs exists
+	}
 
         if (configParser.getBoolean("permissions.mount-proc")) {
-            bwrapCommand.add("--proc /proc"); // Mount /proc
-        }
+            bwrapCommand.add("--bind /proc /proc"); // Mount /proc
+        } else {
+	    bwrapCommand.add("--proc /proc"); // Make sure a seperate procfs exists
+	}
     }
 
     /*
diff --git a/src/main/java/io/github/jshipit/SysUtils.java b/src/main/java/io/github/jshipit/SysUtils.java
index 8bcd7b6..495f4e8 100644
--- a/src/main/java/io/github/jshipit/SysUtils.java
+++ b/src/main/java/io/github/jshipit/SysUtils.java
@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: GPL-3.0-only
+
 package io.github.jshipit;
 
 import com.sun.jna.Platform;