diff --git a/fs/ozinit.go b/fs/ozinit.go
index f1392cb..8f0d63a 100644
--- a/fs/ozinit.go
+++ b/fs/ozinit.go
@@ -30,14 +30,19 @@ func (fs *Filesystem) ozinitMountDev() error {
 fs.log.Warning("Failed to mount devtmpfs: %v", err)
 return err
 }
-
- if err := mountSpecial("/dev/shm", "tmpfs"); err != nil {
- fs.log.Warning("Failed to mount shm directory: %v", err)
- return err
- }
+ }
+
+ if err := mountSpecial("/dev/shm", "tmpfs", true); err != nil {
+ fs.log.Warning("Failed to mount shm directory: %v", err)
+ return err
+ }
+
+ if err := mountSpecial("/tmp", "tmpfs", true); err != nil {
+ fs.log.Warning("Failed to mount shm directory: %v", err)
+ return err
 }
- if err := mountSpecial("/dev/pts", "devpts"); err != nil {
+ if err := mountSpecial("/dev/pts", "devpts", false); err != nil {
 fs.log.Warning("Failed to mount pts directory: %v", err)
 return err
 }
@@ -45,8 +50,11 @@ func (fs *Filesystem) ozinitMountDev() error {
 return nil
 }
-func mountSpecial(path, mtype string) error {
+func mountSpecial(path, mtype string, nodevs bool) error {
 flags := uintptr(syscall.MS_NOSUID | syscall.MS_REC | syscall.MS_NOEXEC)
+ if nodevs {
+ flags = flags | syscall.MS_NODEV
+ }
 if err := os.MkdirAll(path, 0755); err != nil {
 return err
 }
diff --git a/fs/setup.go b/fs/setup.go
index 7f69e1d..5442ef3 100644
--- a/fs/setup.go
+++ b/fs/setup.go
@@ -179,14 +179,17 @@ func (fs *Filesystem) setupChroot() error {
 if err != nil {
 return err
 }
- return setupTmp(fs.root)
+ return nil
 }
 func (fs *Filesystem) setupDev() error {
 devPath := path.Join(fs.root, "dev")
 flags := uintptr(syscall.MS_NOSUID | syscall.MS_NOEXEC)
 if err := syscall.Mount("none", devPath, "tmpfs", flags, ""); err != nil {
- fs.log.Warning("Failed to mount devtmpfs: %v", err)
+ fs.log.Warning("Failed to mount new tmpfs: %s (%v)", devPath, err)
+ return err
+ }
+ if err := os.Chmod(devPath, 0755); err != nil {
 return err
 }
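Review bot: The new `/tmp` mount reuses the message `Failed to mount shm directory`, so a failure of either mount looks the same in the log; the `/tmp` branch should read `fs.log.Warning("Failed to mount tmp directory: %v", err)`. Both tmpfs mounts also go through mountSpecial with no size option visible here, so unless the part of mountSpecial outside this diff passes one, a sandboxed process can fill them up to the tmpfs default of half of RAM; a `size=` limit is worth considering. ozinitMountDev starts above this hunk, so the condition that the added `}` now closes is not visible.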
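Review bot: mountSpecial has no doc comment, and the new bare boolean makes the call sites (`true`, `true`, `false`) hard to audit; MS_NODEV is opt-in, so a later caller that passes `false` without thinking gets a mount that honours device nodes. Add a comment above the function such as `// mountSpecial mounts mtype at path with nosuid, noexec and rec; nodevs adds MS_NODEV and should be false only for mounts that must expose device nodes, as /dev/pts does.` The flag update is more idiomatic as `flags |= syscall.MS_NODEV`. The rest of the function body lies outside the hunk.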
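Review bot: In setupDev the tmpfs is mounted with empty options and only afterwards narrowed with `os.Chmod(devPath, 0755)`, so the new /dev briefly has the tmpfs default mode (1777, world-writable) and stays mounted that way if Chmod fails. Passing the mode at mount time closes that gap: `syscall.Mount("none", devPath, "tmpfs", flags, "mode=755")`. If the Chmod is kept, its error path should log like the mount failure does, e.g. `fs.log.Warning("Failed to chmod %s: %v", devPath, err)`. Separately, setupChroot no longer calls setupTmp; presumably the `/tmp` tmpfs mounted in ozinitMountDev replaces it, which is worth confirming for every path that relied on setupTmp. setupDev continues past the end of this hunk.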
@@ -199,13 +202,7 @@ func (fs *Filesystem) setupDev() error {
 return fmt.Errorf("Unable to set permissions for device %s: %+v", dev.path, err)
 }
 }
-
- shmPath := path.Join(devPath, "shm")
- if err := mountSpecial(shmPath, "tmpfs"); err != nil {
- fs.log.Warning("Failed to mount shm directory: %v", err)
- return err
- }
-
+
 return nil
 }