diff --git a/native/src/core/bootstages.cpp b/native/src/core/bootstages.cpp
index 19586bf34e1f1..ca595c3ad41eb 100644
--- a/native/src/core/bootstages.cpp
+++ b/native/src/core/bootstages.cpp
@@ -73,8 +73,7 @@ static void setup_mounts() {
     // Prepare worker
     ssprintf(path, sizeof(path), "%s/" WORKERDIR, get_magisk_tmp());
     xmkdir(path, 0);
-    xmount("worker", path, "tmpfs", 0, "mode=755");
-    xmount(nullptr, path, nullptr, MS_PRIVATE, nullptr);
+    xmount(path, path, nullptr, MS_BIND, nullptr);
 }
 
 string find_preinit_device() {
diff --git a/native/src/core/daemon.cpp b/native/src/core/daemon.cpp
index a944cebd3bf6a..3fbf32eb9747f 100644
--- a/native/src/core/daemon.cpp
+++ b/native/src/core/daemon.cpp
@@ -391,13 +391,6 @@ static void daemon_entry() {
     ssprintf(path, sizeof(path), "%s/" ROOTOVL, tmp);
     rm_rf(path);
 
-    // Unshare magiskd
-    xunshare(CLONE_NEWNS);
-    // Hide magisk internal mount point
-    xmount(nullptr, tmp, nullptr, MS_PRIVATE | MS_REC, nullptr);
-    // Fix sdcardfs bug on old kernel
-    xmount(nullptr, "/mnt", nullptr, MS_SLAVE | MS_REC, nullptr);
-
     // Use isolated devpts if kernel support
     if (access("/dev/pts/ptmx", F_OK) == 0) {
         ssprintf(path, sizeof(path), "%s/" SHELLPTS, tmp);
diff --git a/native/src/core/deny/revert.cpp b/native/src/core/deny/revert.cpp
index 90dd206cabf25..e6c56ebd2c17d 100644
--- a/native/src/core/deny/revert.cpp
+++ b/native/src/core/deny/revert.cpp
@@ -20,7 +20,7 @@ void revert_unmount() {
     // Unmount dummy skeletons and MAGISKTMP
     // since mirror nodes are always mounted under skeleton, we don't have to specifically unmount
     for (auto &info: parse_mount_info("self")) {
-        if (info.source == "magisk" || info.source == "worker" || // magisktmp tmpfs
+        if (info.source == "magisk" || // magisktmp tmpfs
             info.root.starts_with("/adb/modules")) { // bind mount from data partition
             targets.insert(info.target);
         }
diff --git a/native/src/core/module.cpp b/native/src/core/module.cpp
index c68cccaea81f7..42c62893eb0cd 100644
--- a/native/src/core/module.cpp
+++ b/native/src/core/module.cpp
@@ -164,6 +164,7 @@ void tmpfs_node::mount() {
         dir_node::mount();
         VLOGD(replace() ? "replace" : "move", worker_dir.data(), node_path().data());
         xmount(worker_dir.data(), node_path().data(), nullptr, MS_MOVE, nullptr);
+        xmount(nullptr, node_path().data(), nullptr, MS_REMOUNT | MS_BIND | MS_RDONLY, nullptr);
     } else {
         const string dest = worker_path();
         // We don't need another layer of tmpfs if parent is tmpfs
@@ -328,8 +329,11 @@ void load_modules() {
         root->mount();
     }
 
+    // cleanup mounts
     ssprintf(buf, sizeof(buf), "%s/" WORKERDIR, get_magisk_tmp());
-    xmount(nullptr, buf, nullptr, MS_REMOUNT | MS_RDONLY, nullptr);
+    xumount2(buf, MNT_DETACH);
+    ssprintf(buf, sizeof(buf), "%s/" MODULEMNT, get_magisk_tmp());
+    xumount2(buf, MNT_DETACH);
 }
 
 /************************