jai.git

Clone (read-only): git clone http://git.guha-anderson.com/git/jai.git

Revert "Mount an isolated tmpfs at /dev/shm inside each jail"

This reverts commit 3edf7c2, in favor of the alternative implementation
from 060ed2870a13f3efb146a0ca9d2bab3db427f214.

Author: Arjun Guha <a.guha@northeastern.edu>
Date: 2026-04-02 21:22:54 -0400
Commit: f616b47cbef24d252d4a6e21f60fa236d541c44d

jai.cc

index 1eb3984..a1f393b 100644
--- a/jai.cc
+++ b/jai.cc
@@ -438,7 +438,6 @@ Config::make_mnt_ns()
       .propagation = MS_PRIVATE,
   };
   Fd tmp = clone_tree(*mp_holder_.emplace_back(make_private_tmp()));
-  Fd shm = make_tmpfs("jai-shm", "mode", "01777", "size", "50%");
 
   Fd passwd;
   if (mode_ == kStrict)
@@ -469,7 +468,6 @@ Config::make_mnt_ns()
     home = clone_tree(*ensure_udir(storage(), cat(sandbox_name_, ".home")));
   }
   xmnt_setattr(*tmp, attr);
-  xmnt_setattr(*shm, attr);
   xmnt_setattr(*home, attr);
   if (passwd)
     xmnt_setattr(*passwd, attr);
@@ -489,9 +487,7 @@ Config::make_mnt_ns()
     syserr("umount2({}, MNT_DETACH)", kRunRoot);
   umount2("/tmp", MNT_DETACH);     // ignore error
   umount2("/var/tmp", MNT_DETACH); // ignore error
-  umount2("/dev/shm", MNT_DETACH); // ignore error
   xmnt_move(*tmp, -1, "/tmp");
-  xmnt_move(*shm, -1, "/dev/shm");
   xmnt_move(*clone_tree(-1, "/tmp"), -1, "/var/tmp", 0);
   xmnt_move(*home, -1, homepath_);
   if (passwd)