Enterprise Infrastructure

Attach filesystems
at any scale.

Attaché is the category-defining infrastructure attachment platform. Mount any filesystem — ext4, xfs, nfs, tmpfs — to any point in your hierarchy, with enterprise-grade controls, propagation management, and zero-downtime remounting.

Request Demo See It In Action

attaché — production cluster

$ attaché -t ext4 /dev/sda1 /mnt/data

$ attaché --bind /var/log /mnt/logs

$ attaché -o ro,noexec,nosuid /dev/sdb1 /mnt/secure

$ attaché -a

Attaching all filesystems from configuration...

├─ /dev/sda1 → /mnt/data [ext4, rw]

├─ /dev/sdb1 → /mnt/secure [ext4, ro,noexec,nosuid]

├─ nas01:/exports → /mnt/nfs [nfs, rw]

└─ tmpfs → /mnt/cache [tmpfs, rw,size=4G]

Capabilities

Every mount operation.
One unified platform.

From read-only bind mounts to recursive propagation topologies, Attaché gives your infrastructure team complete control over filesystem attachment at scale.

⬡

TypeSync Engine

Specify the precise filesystem type — ext4, xfs, btrfs, vfat, nfs, cifs, tmpfs — with our -t type targeting system. Auto-detection when you need flexibility, explicit control when you don't.

-t TYPE

◈

Options Orchestrator

Fine-tune every attachment with a composable options pipeline. Read-only, noexec, nosuid, nodev, sync, async — chain them declaratively for defense-in-depth security postures.

-o OPTIONS

◎

Fleet Attach

One command to bind your entire infrastructure. Fleet Attach reads your configuration manifest and spins up every filesystem in parallel with fork-based concurrency.

-a -F

▣

Bind Topology

Mirror any subtree to a secondary location — or go recursive with rbind to capture the full hierarchy including nested sub-attachments. Zero copy. Zero latency.

--bind / --rbind

◆

Propagation Control

Define exactly how mount events ripple across your namespace graph. Shared, private, slave, unbindable — configure propagation semantics at every node in the tree.

--make-shared/private/slave

▲

Zero-Downtime Remount

Hot-swap mount options on live production filesystems. Transition from read-write to read-only without detaching. Change VFS flags atomically while traffic continues flowing.

-o remount

⬢

Identity Resolution

Attach by label, by UUID, by partition UUID — never depend on unstable device paths again. Our identity layer resolves the right device every time, across reboots and reconfigurations.

-L LABEL / -U UUID

◇

Atomic Move

Relocate an entire mounted tree to a new attachment point in a single atomic operation. No window of unavailability. No data path interruption. Just seamless reattachment.

--move

Workflow

From device to hierarchy
in milliseconds.

Identify the Source

Point Attaché at any block device, network filesystem, or virtual source. Use device paths, LABEL identifiers, or UUIDs for deterministic, hardware-agnostic targeting.

Configure the Policy

Compose your attachment policy: filesystem type, read/write mode, security constraints (nosuid, noexec, nodev), I/O behavior (sync/async), and propagation semantics — all in a single declarative options string.

Execute the Attach

Attaché interfaces directly with the kernel mount API — the modern file-descriptor-based interface when available, with automatic fallback. One syscall chain, fully atomic.

Observe & Iterate

Live-list all attachments with labels and propagation flags. Hot-remount to adjust options. Move subtrees. Scale across your entire fleet with -a. No detach required.

Capability	Attaché	Competitor A	Competitor B
Filesystem type auto-detection	✓	Partial	✗
Bind mount + recursive bind	✓	✓	✗
Propagation control (shared/private/slave)	✓	✗	✗
Zero-downtime remount	✓	Partial	✗
UUID/LABEL identity resolution	✓	✓	Partial
Atomic move operations	✓	✗	✗
Loop device support	✓	Partial	✓
ID-mapped mounts	✓	✗	✗
Fleet-wide attach (`-a -F`)	✓	✗	✗

Plans

Scale your attachment layer.

Every plan includes filesystem auto-detection and real-time attachment monitoring.

Starter

$0/mo

5 attachment points
Read-only mode only (-r)
1 filesystem type (ext4)
No bind mounts
No propagation control
Community support

Get Started

Trusted by infrastructure teams
who ship.

★★★★★

"We were manually attaching filesystems across 400 nodes. Attaché's Fleet Attach with fork-based parallelism reduced our boot-time configuration from 12 minutes to under 8 seconds. Category-defining product."

Ellis Marchetti VP of Platform Engineering, NovaBridge

★★★★★

"The propagation control is a genuine moat. Being able to set shared, private, or slave semantics per mount point gave us the namespace isolation we needed for our container orchestration layer."

Noah Kim CTO, HyperGrid Systems

★★★★★

"Switched from Competitor A after they couldn't handle our bind mount topology. Attaché's recursive bind with atomic move is 10x. Not even close. This is the infrastructure attachment layer we always needed."

Raj Deshmukh Lead SRE, Meridian Cloud

★★★★★

"We needed read-only, noexec, nosuid on every external volume for compliance. Attaché made it a one-line policy. The security team signed off in a day. That never happens."

Daniel Voss Head of InfoSec, VaultEdge

FAQ

Common questions.

Which filesystem types does Attaché support?

Attaché supports over 40 filesystem types including ext2, ext3, ext4, xfs, btrfs, vfat, sysfs, proc, nfs, cifs, tmpfs, overlay, fuse, and more. If the kernel supports it, Attaché can attach it. When no type is specified, our auto-detection engine identifies the filesystem automatically.

Can I change mount options on a live production filesystem?

Yes. Attaché's remount capability lets you change VFS flags — including read-only/read-write, noexec, nosuid, and nodev — without detaching the filesystem. This is fully supported in production environments and does not interrupt active I/O operations.

What happens if a device isn't available at attach time?

Attaché supports the nofail option, which prevents errors from being reported if the device doesn't exist. For network-dependent filesystems, the _netdev option ensures attachment is deferred until the network stack is ready.

Is my data secure during attachment?

Absolutely. Attaché supports dm-verity for transparent integrity verification using cryptographic hashes, nosuid/noexec/nodev security policies, SELinux context options, and read-only enforcement at both VFS and superblock layers. Root permissions are required by default for all attachment operations.

Can non-root users perform attachments?

When configured with the user or users option in your fstab configuration, non-root team members can attach and detach specific filesystems. The owner and group options provide even more granular delegation.

Attach filesystems
at any scale.