Some computer system environments allow execution of program instances in separate sub-execution environments. A sub-execution environment operates under a parent environment, whether it is the absolute root of the directory tree, or another branch in the directory tree. In an environment where sub-execution environments are permitted (e.g., chroot in a UNIX/LINUX environment), there may be a way for a program to “escape” from the sub-execution environment. Basically, even in environments where sub-execution environments exist as confined execution environments, it is generally possible for a “confined” process to view outside the sub-execution environment and execute operations outside the confined environment. Traditionally, a program in a sub-execution environment can traverse the directory tree to its parent, or above. Thus, a program need simply access a point in the directory outside the confined environment, and it may obtain access to data and/or services that it may not be intended to access. In many cases, the access to a directory logically above its execution container can be a security risk.