diff --git a/generate.go b/generate.go
index 11633b388..9ade8e659 100644
--- a/generate.go
+++ b/generate.go
@@ -599,6 +599,8 @@ func setupNamespaces(spec *specs.Spec, context *cli.Context) {
 spec.Linux.Namespaces = linuxNs
 }
 
+func sPtr(s string) *string { return &s }
+
 func getDefaultTemplate() specs.Spec {
 spec := specs.Spec{
 Version: specs.Version,
@@ -646,8 +648,53 @@ func getDefaultTemplate() specs.Spec {
 },
 },
 Hostname: "shell",
- Mounts: []specs.Mount{},
+ Mounts: []specs.Mount{
+ {
+ Destination: "/proc",
+ Type: "proc",
+ Source: "proc",
+ Options: nil,
+ },
+ {
+ Destination: "/dev",
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: []string{"nosuid", "strictatime", "mode=755", "size=65536k"},
+ },
+ {
+ Destination: "/dev/pts",
+ Type: "devpts",
+ Source: "devpts",
+ Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+ },
+ {
+ Destination: "/dev/shm",
+ Type: "tmpfs",
+ Source: "shm",
+ Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
+ },
+ {
+ Destination: "/dev/mqueue",
+ Type: "mqueue",
+ Source: "mqueue",
+ Options: []string{"nosuid", "noexec", "nodev"},
+ },
+ {
+ Destination: "/sys",
+ Type: "sysfs",
+ Source: "sysfs",
+ Options: []string{"nosuid", "noexec", "nodev", "ro"},
+ },
+ },
 Linux: specs.Linux{
+ Resources: &specs.Resources{
+ Devices: []specs.DeviceCgroup{
+ {
+ Allow: false,
+ Access: sPtr("rwm"),
+ },
+ },
+ },
 Namespaces: []specs.Namespace{
 {
 Type: "pid",
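Review bot: `sPtr` is added without a doc comment, and its short name does not say what it is for. A one-line comment such as `// sPtr returns a pointer to a copy of s, for optional *string fields in the spec.` would make the intent clear. The only use visible in this diff is `Access: sPtr("rwm")` in the device rule of the next hunk.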
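Review bot: The `/proc` entry is the only new mount with `Options: nil`, so it carries none of the `nosuid`/`noexec`/`nodev` restrictions the other pseudo-filesystems get; unless a runtime consuming this template needs otherwise, `Options: []string{"nosuid", "noexec", "nodev"},` would keep the defaults consistent. The single `Allow: false` / `rwm` device rule sets no type, major or minor, which presumably makes it a deny-all baseline; that is a sound default, but it deserves a comment such as `// Deny all device access by default; specific devices are allowed by later rules.` so nobody reorders or drops it. The hard-coded `gid=5` on `/dev/pts` also assumes that group id exists and is mapped inside the container, which is worth a comment of its own. getDefaultTemplate starts before and continues past this hunk, so how these defaults are adjusted afterwards is not visible here.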