diff --git a/confluent_osdeploy/el9-diskless/profiles/default/scripts/imageboot.sh b/confluent_osdeploy/el9-diskless/profiles/default/scripts/imageboot.sh
index fe53bf38..7b340d2c 100644
--- a/confluent_osdeploy/el9-diskless/profiles/default/scripts/imageboot.sh
+++ b/confluent_osdeploy/el9-diskless/profiles/default/scripts/imageboot.sh
@@ -130,4 +130,9 @@ ln -s /sysroot/lib/modules/$(uname -r) /lib/modules/
 mv /lib/firmware /lib/firmware-ramfs
 ln -s /sysroot/lib/firmware /lib/firmware
 kill $(grep -l ^/usr/lib/systemd/systemd-udevd  /proc/*/cmdline|cut -d/ -f 3)
-exec /opt/confluent/bin/start_root
+if grep debugssh /proc/cmdline >& /dev/null; then
+    exec /opt/confluent/bin/start_root
+else
+    rm -rf /lib/modules/$(uname -r) /lib/modules/$(uname -r)-ramfs /lib/firmware-ramfs /usr/lib64/libcrypto.so* /usr/lib64/systemd/ /kernel/ /usr/bin/ /usr/sbin/ /usr/libexec/
+    exec /opt/confluent/bin/start_root -s  # share mount namespace, keep kernel callbacks intact
+fi
diff --git a/confluent_osdeploy/utils/start_root.c b/confluent_osdeploy/utils/start_root.c
index 132ef469..bd2c4d16 100644
--- a/confluent_osdeploy/utils/start_root.c
+++ b/confluent_osdeploy/utils/start_root.c
@@ -3,8 +3,11 @@
 #include <sys/mount.h>
 #define __USE_GNU
 #include <sched.h>
+#include <string.h>
 int main(int argc, char* argv[]) {
-    unshare(CLONE_NEWNS);
+    if (argc < 2 || strcmp(argv[1], "-s")) {
+        unshare(CLONE_NEWNS);
+    }
     mount("/dev", "/sysroot/dev", NULL, MS_MOVE, NULL);
     mount("/proc", "/sysroot/proc", NULL, MS_MOVE, NULL);
     mount("/sys", "/sysroot/sys", NULL, MS_MOVE, NULL);