diff --git a/container/init.go b/container/init.go
index 6813243..c827431 100644
--- a/container/init.go
+++ b/container/init.go
@@ -117,7 +117,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 	// cache sysctl before pivot_root
 	LastCap()
 
-	if err := Mount("", FHSRoot, "", MS_SILENT|MS_SLAVE|MS_REC, ""); err != nil {
+	if err := Mount(zeroString, FHSRoot, zeroString, MS_SILENT|MS_SLAVE|MS_REC, zeroString); err != nil {
 		log.Fatalf("cannot make / rslave: %v", err)
 	}
 
@@ -138,7 +138,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 		}
 	}
 
-	if err := Mount("rootfs", intermediateHostPath, "tmpfs", MS_NODEV|MS_NOSUID, ""); err != nil {
+	if err := Mount(SourceTmpfsRootfs, intermediateHostPath, FstypeTmpfs, MS_NODEV|MS_NOSUID, zeroString); err != nil {
 		log.Fatalf("cannot mount intermediate root: %v", err)
 	}
 	if err := os.Chdir(intermediateHostPath); err != nil {
@@ -148,7 +148,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 	if err := os.Mkdir(sysrootDir, 0755); err != nil {
 		log.Fatalf("%v", err)
 	}
-	if err := Mount(sysrootDir, sysrootDir, "", MS_SILENT|MS_MGC_VAL|MS_BIND|MS_REC, ""); err != nil {
+	if err := Mount(sysrootDir, sysrootDir, zeroString, MS_SILENT|MS_BIND|MS_REC, zeroString); err != nil {
 		log.Fatalf("cannot bind sysroot: %v", err)
 	}
 
@@ -179,7 +179,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
 	}
 
 	// setup requiring host root complete at this point
-	if err := Mount(hostDir, hostDir, "", MS_SILENT|MS_REC|MS_PRIVATE, ""); err != nil {
+	if err := Mount(hostDir, hostDir, zeroString, MS_SILENT|MS_REC|MS_PRIVATE, zeroString); err != nil {
 		log.Fatalf("cannot make host root rprivate: %v", err)
 	}
 	if err := Unmount(hostDir, MNT_DETACH); err != nil {
diff --git a/container/mount.go b/container/mount.go
index 919b6e0..821cdc0 100644
--- a/container/mount.go
+++ b/container/mount.go
@@ -41,6 +41,8 @@ const (
 	// Note that any source value is allowed when fstype is [FstypeMqueue].
 	SourceMqueue = "mqueue"
 
+	// SourceTmpfsRootfs is used when mounting the tmpfs instance backing the intermediate root.
+	SourceTmpfsRootfs = "rootfs"
 	// SourceTmpfsDevtmpfs is used when mounting tmpfs representing a subset of host devtmpfs.
 	SourceTmpfsDevtmpfs = "devtmpfs"
 	// SourceTmpfsEphemeral is used when mounting a writable instance of tmpfs.