+ m = mounts = (BindMount *) alloca(n * sizeof(BindMount));
+ if ((r = append_mounts(&m, read_write_dirs, READWRITE)) < 0 ||
+ (r = append_mounts(&m, read_only_dirs, READONLY)) < 0 ||
+ (r = append_mounts(&m, inaccessible_dirs, INACCESSIBLE)) < 0)
+ goto fail;
+
+ if (private_tmp) {
+ m->path = "/tmp";
+ m->mode = PRIVATE_TMP;
+ m++;
+
+ m->path = "/var/tmp";
+ m->mode = PRIVATE_VAR_TMP;
+ m++;
+ }
+
+ assert(mounts + n == m);
+
+ qsort(mounts, n, sizeof(BindMount), mount_path_compare);
+ drop_duplicates(mounts, &n);
+
+ /* Remount / as SLAVE so that nothing now mounted in the namespace