Files Hidden By Mount Points

The wolderful flexibility of being able to mount file systems at any point in the file system comes at a small cost: You can end up hiding files - usually by mistake.

For example, imaging having the following file systems:

  • / - the root file system. A small(ish) partition, usually only a few gigabytes in size.
  • /home - for people's $HOME directories.

Pretty normal. You probably have other mountpoints too. But things can be hidden simply by mounting things: Imagine this scenario:

  • Unmount /home
  • Create some big files in /home. These will end up in the root file system, and consume space from here.
  • Re-mount /home

The big files that you created in /home are no longer accessible because /home now refers to a different file system. The files will still be consuming disk space, and unmounting /home will make them re-appear.

The stupid and simple way to track down such files involves simply unmounting the file systems in question and having a look. But this is not always possible on a system that is in use: unmounting the file systems means making stuff unavailable and stopping processes...

Here the linux kernel concept of namespaces come to the rescue: it is possible for different processes to see different mount points. By default, a process belongs to the same namespace as its parent process, and 99% of the time, this is what we want. Except now.

In order to investigate files hidden by mount points, we simply start a new process in its own mount namespace, which is independent of the default (parent) namespace. In this namespace we can unmount things at will (because it will only affect our own process), so we can "peek" under the mount points:

# unshare --mount    # This will start a new interactive subshell
# umount /home       # Only affects our own namespace
# ls -l /home
# exit               # exit the subshell created by unshare

Voila!