diff --git a/fs/resolve.go b/fs/resolve.go
index 4b73676..bde6f0e 100644
--- a/fs/resolve.go
+++ b/fs/resolve.go
@@ -7,6 +7,7 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+	"os"
 )
 
 func resolvePath(p string, u *user.User) ([]string, error) {
@@ -25,7 +26,15 @@ func resolveVars(p string, u *user.User) (string, error) {
 
 	switch {
 	case strings.HasPrefix(p, pathVar):
+		emptyPath := false
+		if os.Getenv("PATH") == "" {
+			emptyPath = true
+			os.Setenv("PATH", "/bin:/usr/bin:/sbin:/usr/sbin")
+		}
 		resolved, err := exec.LookPath(p[len(pathVar):])
+		if emptyPath {
+			os.Unsetenv("PATH")
+		}
 		if err != nil {
 			return "", fmt.Errorf("failed to resolve %s", p)
 		}
diff --git a/oz-daemon/daemon.go b/oz-daemon/daemon.go
index 5cb87b9..af79275 100644
--- a/oz-daemon/daemon.go
+++ b/oz-daemon/daemon.go
@@ -10,7 +10,6 @@ import (
 	"github.com/subgraph/oz/network"
 
 	"github.com/op/go-logging"
-	"github.com/subgraph/oz/fs"
 	"os"
 	"path"
 )
@@ -87,12 +86,6 @@ func initialize() *daemonState {
 		}
 	}
 
-	rootfs := path.Join(config.SandboxPath, "rootfs")
-	fs := fs.NewFilesystem(config, d.log)
-	d.log.Info("Creating root filesystem at %s", rootfs)
-	if err := setupRootfs(fs); err != nil {
-		d.log.Fatalf("Failed setting up root filesystem: %v", err)
-	}
 	sockets := path.Join(config.SandboxPath, "sockets")
 	if err := os.MkdirAll(sockets, 0755); err != nil {
 		d.log.Fatalf("Failed to create sockets directory: %v", err)
diff --git a/oz-init/init.go b/oz-init/init.go
index 13e2bc1..305c2a1 100644
--- a/oz-init/init.go
+++ b/oz-init/init.go
@@ -503,8 +503,13 @@ func (st *initState) childrenVector() []*exec.Cmd {
 }
 
 func (st *initState) setupFilesystem(extra []oz.WhitelistItem) error {
+
 	fs := fs.NewFilesystem(st.config, st.log)
 
+	if err := setupRootfs(fs); err != nil {
+		return err
+	}
+
 	if err := st.bindWhitelist(fs, st.profile.Whitelist); err != nil {
 		return err
 	}
diff --git a/oz-daemon/rootfs.go b/oz-init/rootfs.go
similarity index 99%
rename from oz-daemon/rootfs.go
rename to oz-init/rootfs.go
index 8a56028..098111d 100644
--- a/oz-daemon/rootfs.go
+++ b/oz-init/rootfs.go
@@ -1,4 +1,4 @@
-package daemon
+package ozinit
 
 import (
 	"fmt"