Name

make-private-fs — populate various private-mount parts of the filesystem

Synopsis

make-private-fs [--temp] [--devices] {next-prog}

Description

make-private-fs is a chain-loading utility that mounts private volumes in various parts of the filesystem namespace, pre-populates them, and then chain-loads to next-prog with the execvp(3) function.

next-prog may contain its own command line options, which make-private-fs will ignore.

The parts of the filesystem that are mounted and populated are controlled by command-line options as follows:

[--temp]

Empty directories, held below a superuser-only-accessible parent, are mounted at /tmp and /var/tmp. They have rwx permissions for the owner, group, and world; and they have the sticky bit set.

[--devices]

A tmpfs filesystem is mounted at /dev, without any real devices in it. It is populated only with "API" devices such as /dev/shm. On Linux, a devpts filesystem is mounted at /dev/pts. On BSD systems, a fdescfs filesystem is mounted at /dev/fd.

The command will fail if the process is not running under the aegis of the superuser, because most of the internal operations necessary are not permitted to non-superusers.

Usage

make-private-fs is usually run chain-loaded from unshare(1). Beware: Running it without unsharing first will affect the global mount namespace.
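
One way to guard against the mistake described above, as an added example that is not part of the original page or of the toolset. It is Linux-only, treats the mount namespace of process 1 as the global one (an assumption that does not hold inside a container), and the function names and the SELF_NS and INIT_NS override variables are hypothetical:

```sh
#!/bin/sh
# Added example (not part of the toolset). Linux only: /proc/PID/ns/mnt is a
# symlink whose target names the mount namespace, e.g. "mnt:[4026531840]".

# same_mount_ns LINK_A LINK_B
# Returns 0 if both links name the same namespace, 1 if they differ,
# 2 if either link cannot be read (no procfs, or insufficient privilege).
same_mount_ns() {
    a=$(readlink "$1") || return 2
    b=$(readlink "$2") || return 2
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# guarded_private_fs NEXT-PROG [ARGS...]
# Chain-loads make-private-fs only when this process has already left the
# mount namespace of process 1. SELF_NS and INIT_NS (hypothetical names)
# let the paths be overridden for testing.
guarded_private_fs() {
    self=${SELF_NS:-/proc/self/ns/mnt}
    init=${INIT_NS:-/proc/1/ns/mnt}
    rc=0
    same_mount_ns "$self" "$init" || rc=$?
    case $rc in
        1)  ;;  # namespaces differ: the mounts will stay private
        0)  echo "refusing: still in the global mount namespace" >&2
            return 1 ;;
        *)  echo "refusing: cannot compare mount namespaces" >&2
            return 2 ;;
    esac
    # --temp and --devices are the options documented on this page.
    exec make-private-fs --temp --devices "$@"
}

# Intended use, with this file saved under the assumed name guard.sh:
#   unshare --mount sh -c '. ./guard.sh; guarded_private_fs next-prog'
```

The guard fails closed: if the namespace links cannot be read, it refuses rather than proceeding to mount over /tmp, /var/tmp and /dev.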

Author

Jonathan de Boyne Pollard