fix(entrypoint): increase /tmp tmpfs from 128MB to 512MB (#72)

limbibot · web-flow · commit c2363931e2d2 · 2026-04-06T15:34:35.000-07:00
The 128MB limit was insufficient for runtime temporary storage needs. Increases to 512MB to match the /workspace mount ceiling. Closes #71
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -6,7 +6,7 @@ This project enforces a three-layer security model. You must evaluate every chan
 
 | Layer                   | Defense                                                                                                                                 | Protects Against                                                                      | Key Files                                                                          |
 | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- |
-| **Container Hardening** | Non-root user (UID 1000), read-only rootfs, size-limited tmpfs (512MB /workspace, 1GB /home/claude, 128MB /tmp)                         | Privilege escalation, persistent compromise, disk-based DoS                           | `Dockerfile`, `scripts/entrypoint.sh`                                              |
+| **Container Hardening** | Non-root user (UID 1000), read-only rootfs, size-limited tmpfs (512MB /workspace, 1GB /home/claude, 512MB /tmp)                         | Privilege escalation, persistent compromise, disk-based DoS                           | `Dockerfile`, `scripts/entrypoint.sh`                                              |
 | **Network Isolation**   | Default-deny iptables (OUTPUT DROP), domain allowlist, CoreDNS NXDOMAIN for unlisted domains, metadata IP blocks, UDP drop (except DNS) | Data exfiltration, C2 communication, unauthorized API access, metadata endpoint abuse | `network/domains.conf`, `network/Corefile.template`, `network/refresh-iptables.sh` |
 | **Command Approval**    | Tier 1 regex hard-block, Tier 2 hot-word escalation, Tier 3 Haiku LLM classification                                                    | Dangerous command execution, credential leaks, lateral movement, tmux injection       | `approval/rules.conf`, `approval/check-command.ts`, `approval/classifier.ts`       |
 
diff --git a/README.md b/README.md
@@ -368,7 +368,7 @@ No new binaries, no collector sidecar, no Dockerfile changes. Claude Code's buil
 - **tmpfs mounts**: Writable areas are memory-backed and size-limited:
   - `/workspace` (512MB) — working directory for code
   - `/home/claude` (1GB) — Claude's home directory
-  - `/tmp` (128MB) — temporary files
+  - `/tmp` (512MB) — temporary files
 - **Settings file**: Claude Code's `settings.json` (which configures the approval hook) is owned by the `claude` user. Claude can delete and recreate it, which would remove the hook. This is an accepted risk — iptables is the real enforcement layer, and the hook provides defense-in-depth.
 
 ### Layer 2: Network Isolation
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
@@ -16,7 +16,7 @@ fi
 # === 1. Filesystem hardening ===
 # Mount tmpfs at writable paths before anything else
 mount -t tmpfs -o size=512m tmpfs /workspace
-mount -t tmpfs -o size=128m tmpfs /tmp
+mount -t tmpfs -o size=512m tmpfs /tmp
 mount -t tmpfs -o size=1024m tmpfs /home/claude
 chmod 1777 /tmp
 
