Podman doesn't mount a tmpfs at /tmp by default - it needs to be
separately requested. However, doing it as part of 'podman create ...'
won't add a tmpfs at /tmp for existing toolbox containers. Therefore,
it's best done as part of the entry point.
The mount options are the same as used by systemd (see tmp.mount) to
provide a tmpfs at the host's /tmp.
For what it's worth, the mount flags do differ slightly from the host.
The host has:
$ findmnt --output OPTIONS,PROPAGATION /tmp
OPTIONS PROPAGATION
rw,nosuid,nodev,seclabel shared
The container has:
$ findmnt --output OPTIONS,PROPAGATION /tmp
OPTIONS PROPAGATION
rw,nosuid,nodev,seclabel,uid=100000,gid=100000 private
The uid and gid options don't show up on the host because both are 0,
and hence skipped by the tools.
https://github.com/containers/toolbox/issues/513
2befde83d1