diff --git a/internal/commands/fork.go b/internal/commands/fork.go
index 5fa392b..fbd073b 100644
--- a/internal/commands/fork.go
+++ b/internal/commands/fork.go
@@ -176,7 +176,7 @@ func Fork(opts *ForkOpts, log *zerolog.Logger) error {
 var dataOptions []string
 for _, opt := range mount.Options {
- o, ok := pkg.MountOptions[opt]
+ o, ok := filesystem.MountOptions[opt]
 if !ok {
 if !strings.HasPrefix(opt, "gid=") &&
 !strings.HasPrefix(opt, "uid=") &&
diff --git a/internal/filesystem/defaults.go b/internal/filesystem/defaults.go
new file mode 100644
index 0000000..110cbb2
--- /dev/null
+++ b/internal/filesystem/defaults.go
@@ -0,0 +1,78 @@
+package filesystem
+
+import (
+ "os"
+
+ "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+var (
+ defaultFileMode = os.FileMode(0666)
+ defaultUID uint32 = 0
+ defaultGID uint32 = 0
+)
+
+var DefaultSymlinks = map[string]string{
+ "/proc/self/fd": "dev/fd",
+ "/proc/self/fd/0": "dev/stdin",
+ "/proc/self/fd/1": "dev/stdout",
+ "/proc/self/fd/2": "dev/stderr",
+ "pts/ptmx": "dev/ptmx",
+}
+
+var DefaultDevices = []specs.LinuxDevice{
+ {
+ Path: "/dev/null",
+ Type: CharDevice,
+ Major: 1,
+ Minor: 3,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+ {
+ Type: CharDevice,
+ Path: "/dev/zero",
+ Major: 1,
+ Minor: 5,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+ {
+ Type: CharDevice,
+ Path: "/dev/full",
+ Major: 1,
+ Minor: 7,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+ {
+ Type: CharDevice,
+ Path: "/dev/random",
+ Major: 1,
+ Minor: 8,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+ {
+ Type: CharDevice,
+ Path: "/dev/urandom",
+ Major: 1,
+ Minor: 9,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+ {
+ Type: CharDevice,
+ Path: "/dev/tty",
+ Major: 5,
+ Minor: 0,
+ FileMode: &defaultFileMode,
+ UID: &defaultUID,
+ GID: &defaultGID,
+ },
+}
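Review bot: DefaultDevices and DefaultSymlinks in defaults.go are exported mutable package-level values, and every entry of DefaultDevices shares the same three pointers (`&defaultFileMode`, `&defaultUID`, `&defaultGID`), so a caller that writes through one device's FileMode, UID or GID pointer silently changes all six entries, and appending to or reordering the slice changes what every later caller sees. Consider exposing them through a constructor that returns a fresh copy with per-entry pointers, or at least document the contract, e.g. `// DefaultDevices is the set of device nodes exposed by default; it is shared, read-only data and must not be modified, nor the values its pointer fields reference.` Both exported names currently lack any doc comment. The `"pts/ptmx"` symlink key has no leading slash while the `/proc/self/fd*` keys do; presumably intentional since the block is moved unchanged, but worth confirming.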
diff --git a/internal/filesystem/devices.go b/internal/filesystem/devices.go
new file mode 100644
index 0000000..3fbd9df
--- /dev/null
+++ b/internal/filesystem/devices.go
@@ -0,0 +1,9 @@
+package filesystem
+
+var (
+ AllDevices = "a"
+ BlockDevice = "b"
+ CharDevice = "c"
+ UnbufferedCharDevice = "u"
+ FifoDevice = "p"
+)
diff --git a/internal/filesystem/filesystem.go b/internal/filesystem/filesystem.go
index 0e13857..452947b 100644
--- a/internal/filesystem/filesystem.go
+++ b/internal/filesystem/filesystem.go
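Review bot: The device type identifiers in devices.go are declared with `var`, so any importer can reassign `filesystem.CharDevice` at runtime and every DefaultDevices entry built after that would carry the wrong type; nothing in the hunk needs them to be mutable. Unless some caller takes their address, declare the block as `const (` instead, and give it a doc comment such as `// Device type codes used in specs.LinuxDevice.Type.` The values read like the single-letter device type codes from the OCI runtime spec, but that is inferred from the names rather than stated anywhere in the diff.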
@@ -8,83 +8,6 @@ import (
 "github.com/opencontainers/runtime-spec/specs-go"
 )
 
-var (
- defaultFileMode = os.FileMode(0666)
- defaultUID uint32 = 0
- defaultGID uint32 = 0
-
- AllDevices = "a"
- BlockDevice = "b"
- CharDevice = "c"
- UnbufferedCharDevice = "u"
- FifoDevice = "p"
-)
-
-var DefaultSymlinks = map[string]string{
- "/proc/self/fd": "dev/fd",
- "/proc/self/fd/0": "dev/stdin",
- "/proc/self/fd/1": "dev/stdout",
- "/proc/self/fd/2": "dev/stderr",
- "pts/ptmx": "dev/ptmx",
-}
-
-var DefaultDevices = []specs.LinuxDevice{
- {
- Path: "/dev/null",
- Type: CharDevice,
- Major: 1,
- Minor: 3,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
- {
- Type: CharDevice,
- Path: "/dev/zero",
- Major: 1,
- Minor: 5,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
- {
- Type: CharDevice,
- Path: "/dev/full",
- Major: 1,
- Minor: 7,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
- {
- Type: CharDevice,
- Path: "/dev/random",
- Major: 1,
- Minor: 8,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
- {
- Type: CharDevice,
- Path: "/dev/urandom",
- Major: 1,
- Minor: 9,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
- {
- Type: CharDevice,
- Path: "/dev/tty",
- Major: 5,
- Minor: 0,
- FileMode: &defaultFileMode,
- UID: &defaultUID,
- GID: &defaultGID,
- },
-}
-
 func MountProc(containerRootfs string) error {
 containerPath := filepath.Join(containerRootfs, "proc")
 
@@ -108,10 +31,6 @@ func MountProc(containerRootfs string) error {
 return nil
 }
 
-func UnmountProc() error {
- return syscall.Unmount("proc", 0)
-}
-
 func MountRootfs(containerRootfs string) error {
 if err := syscall.Mount(
 containerRootfs,
@@ -126,32 +45,6 @@ func MountRootfs(containerRootfs string) error {
 return nil
 }
 
-func PivotRootfs(containerRootfs string) error {
- oldroot := filepath.Join(containerRootfs, "oldroot")
-
- if err := os.MkdirAll(oldroot, 0700); err != nil {
- return err
- }
-
- if err := syscall.PivotRoot(containerRootfs, oldroot); err != nil {
- return err
- }
-
- if err := os.Chdir("/"); err != nil {
- return err
- }
-
- if err := syscall.Unmount("oldroot", syscall.MNT_DETACH); err != nil {
- return err
- }
-
- if err := os.RemoveAll("oldroot"); err != nil {
- return err
- }
-
- return nil
-}
-
 func DevInSpec(mounts []specs.Mount, dev string) bool {
 for _, mount := range mounts {
 if mount.Destination == dev {
diff --git a/pkg/mount_options.go b/internal/filesystem/mount_options.go
similarity index 91%
rename from pkg/mount_options.go
rename to internal/filesystem/mount_options.go
index 5746557..cb186c4 100644
--- a/pkg/mount_options.go
+++ b/internal/filesystem/mount_options.go
@@ -1,10 +1,7 @@
-package pkg
+package filesystem
 
 import "golang.org/x/sys/unix"
 
-// MountOptions maps the supported mount option string to the corresponding
-// flag, per MUST in spec:
-// https://github.com/opencontainers/runtime-spec/blob/main/config.md#linux-mount-options
 var MountOptions = map[string]struct {
 No bool
 Flag uintptr
diff --git a/internal/filesystem/pivot.go b/internal/filesystem/pivot.go
new file mode 100644
index 0000000..81aef27
--- /dev/null
+++ b/internal/filesystem/pivot.go
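Review bot: The mount_options.go hunk drops the three-line doc comment on the exported MountOptions map (the removed lines beginning `// MountOptions maps the supported mount option string to the corresponding`), which leaves the exported identifier undocumented and loses the pointer to the spec section that defines which options must be supported. Restoring the comment under the new package costs nothing; if it was dropped because the link went stale, replace the URL rather than the whole comment. The map body continues past the end of the hunk.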
@@ -0,0 +1,34 @@
+package filesystem
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "syscall"
+)
+
+func PivotRootfs(containerRootfs string) error {
+ oldroot := filepath.Join(containerRootfs, "oldroot")
+
+ if err := os.MkdirAll(oldroot, 0700); err != nil {
+ return fmt.Errorf("make old root dir: %w", err)
+ }
+
+ if err := syscall.PivotRoot(containerRootfs, oldroot); err != nil {
+ return fmt.Errorf("pivot to new root: %w", err)
+ }
+
+ if err := os.Chdir("/"); err != nil {
+ return fmt.Errorf("chdir to new root: %w", err)
+ }
+
+ if err := syscall.Unmount("oldroot", syscall.MNT_DETACH); err != nil {
+ return fmt.Errorf("unmount old root: %w", err)
+ }
+
+ if err := os.RemoveAll("oldroot"); err != nil {
+ return fmt.Errorf("remove old root: %w", err)
+ }
+
+ return nil
+}
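Review bot: The old root is detached with `syscall.Unmount("oldroot", syscall.MNT_DETACH)` without first changing its propagation, so if the mount namespace this runs in inherited shared propagation from the host (the default on many systemd-based systems) the unmount can propagate back to the host's peer mounts; whether MountRootfs or a caller already makes the tree private is outside this hunk, so please confirm. The usual defence is to make the old root a recursive slave immediately before the Unmount call, e.g. `if err := syscall.Mount("", "oldroot", "", syscall.MS_SLAVE|syscall.MS_REC, ""); err != nil { return fmt.Errorf("make old root rslave: %w", err) }`. A failed PivotRoot also leaves the directory created by MkdirAll behind inside the container rootfs; removing it on that error path keeps the rootfs clean. PivotRootfs is exported and needs a doc comment, e.g. `// PivotRootfs makes containerRootfs the process's root via pivot_root, detaches the previous root and removes the temporary oldroot directory.`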