diff --git a/build/docker/util.go b/build/docker/util.go
index ece1e3125..3d57228d7 100644
--- a/build/docker/util.go
+++ b/build/docker/util.go
@@ -22,7 +22,7 @@ func toContainerConfig(c *yaml.Container) *dockerclient.ContainerConfig {
 			Privileged:       c.Privileged,
 			NetworkMode:      c.Network,
 			Memory:           c.MemLimit,
-		  ShmSize:          c.ShmSize,
+			ShmSize:          c.ShmSize,
 			CpuShares:        c.CPUShares,
 			CpuQuota:         c.CPUQuota,
 			CpusetCpus:       c.CPUSet,
diff --git a/yaml/transform/validate.go b/yaml/transform/validate.go
index 28471e013..161280dc3 100644
--- a/yaml/transform/validate.go
+++ b/yaml/transform/validate.go
@@ -51,6 +51,9 @@ func CheckTrusted(c *yaml.Container) error {
 	if c.Privileged {
 		return fmt.Errorf("Insufficient privileges to use privileged mode")
 	}
+	if c.ShmSize != 0 {
+		return fmt.Errorf("Insufficient privileges to override shm_size")
+	}
 	if len(c.DNS) != 0 {
 		return fmt.Errorf("Insufficient privileges to use custom dns")
 	}