From c639daca5ace2b1428b91ed469e8d06cd347e26b Mon Sep 17 00:00:00 2001
From: EnumDev
Date: Fri, 28 Feb 2025 18:47:10 +0200
Subject: [PATCH] Add more virtual filesystems to mount on boot

---
 cmd/enit/main.go | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/cmd/enit/main.go b/cmd/enit/main.go
index 1549e53..fa57edb 100644
--- a/cmd/enit/main.go
+++ b/cmd/enit/main.go
@@ -55,10 +55,43 @@ func main() {
 func mountVirtualFilesystems() {
 fmt.Print("Mounting virtual filesystems... ")
+ commonFlags := uintptr(0 | syscall.MS_NOSUID | syscall.MS_RELATIME)
+ // Mount /proc
+ if err := syscall.Mount("proc", "/proc", "proc", commonFlags|syscall.MS_NODEV|syscall.MS_NOEXEC|syscall.MS_REMOUNT, ""); err != nil {
+ panic(err)
+ }
+ // Mount /sys
+ if err := syscall.Mount("sys", "/sys", "sysfs", commonFlags|syscall.MS_NODEV|syscall.MS_NOEXEC|syscall.MS_REMOUNT, ""); err != nil {
+ panic(err)
+ }
+ // Mount /dev
+ if err := syscall.Mount("dev", "/dev", "devtmpfs", commonFlags|syscall.MS_REMOUNT, "mode=755,inode64"); err != nil {
+ panic(err)
+ }
+ // Mount /run
+ if err := syscall.Mount("run", "/run", "tmpfs", commonFlags|syscall.MS_NODEV|syscall.MS_REMOUNT, "mode=755,inode64"); err != nil {
+ panic(err)
+ }
+ // Mount /dev/pts
 if err := os.Mkdir("/dev/pts", 0755); err != nil {
 panic(err)
 }
- if err := syscall.Mount("none", "/dev/pts", "devpts", syscall.MS_NOSUID|syscall.MS_NOEXEC, ""); err != nil {
+ if err := syscall.Mount("devpts", "/dev/pts", "devpts", commonFlags, "gid=5,mode=620,ptmxmode=000"); err != nil {
+ panic(err)
+ }
+ // Mount /dev/shm
+ if err := os.Mkdir("/dev/shm", 0755); err != nil {
+ panic(err)
+ }
+ if err := syscall.Mount("shm", "/dev/shm", "tmpfs", commonFlags|syscall.MS_NODEV, "inode64"); err != nil {
+ panic(err)
+ }
+ // Mount securityfs
+ if err := syscall.Mount("securityfs", "/sys/kernel/security", "securityfs", commonFlags, ""); err != nil {
+ panic(err)
+ }
+ // Mount cgroups v2
+ if err := syscall.Mount("cgroup2", "/sys/fs/cgroup", "cgroup2", commonFlags|syscall.MS_NOEXEC, ""); err != nil {
 panic(err)
 }