SYSTEMD-MOUNTFSD.SERVICE(8) systemd-mountfsd.serviceSYSTEMD-MOUNTFSD.SERVICE(8)
NAME
systemd-mountfsd.service, systemd-mountfsd - Disk Image File System
Mount Service
SYNOPSIS
systemd-mountfsd.service
/usr/lib/systemd/systemd-mountfsd
DESCRIPTION
systemd-mountfsd is a system service that dissects disk images, and
returns mount file descriptors for the file systems contained therein to
clients, via a Varlink IPC API.
The disk images provided must contain a raw file system image or must
follow the Discoverable Partitions Specification[1]. Before mounting any
file systems authenticity of the disk image is established in one or a
combination of the following ways:
1. If the disk image is located in a regular file in one of the
directories /var/lib/machines/, /var/lib/portables/,
/var/lib/extensions/, /var/lib/confexts/ or their counterparts in
the /etc/, /run/, /usr/lib/ it is assumed to be trusted.
2. If the disk image contains a Verity enabled disk image, along with a
signature partition with a key in the kernel keyring or in
/etc/verity.d/ (and related directories) the disk image is
considered trusted.
This service provides one Varlink[2] service: io.systemd.MountFileSystem
which accepts a file descriptor to a regular file or block device, and
returns a number of file descriptors referring to an fsmount() file
descriptor the client may then attach to a path of their choice.
The returned mounts are automatically allowlisted in the
per-user-namespace allowlist maintained by systemd-
nsresourced.service(8).
The file systems are automatically fsck(8)'ed before mounting.
SEE ALSO
systemd(1), systemd-nsresourced.service(8)
NOTES
1. Discoverable Partitions Specification
https://uapi-group.org/specifications/specs/discoverable_partitions_specification/
2. Varlink
https://varlink.org/
systemd 257.9 SYSTEMD-MOUNTFSD.SERVICE(8)
Generated by dwww version 1.16 on Tue Dec 16 04:00:27 CET 2025.