diff --git a/pkgs/additional/bunpen/restrict/namespace.ha b/pkgs/additional/bunpen/restrict/namespace.ha
index 47420e6cd..a29f8a1d6 100644
--- a/pkgs/additional/bunpen/restrict/namespace.ha
+++ b/pkgs/additional/bunpen/restrict/namespace.ha
@@ -130,6 +130,11 @@ fn isolate_paths(paths: []path::buffer) void = {
 "proc", "new/proc", "proc", rtext::MS_NOSUID | rtext::MS_NOEXEC | rtext::MS_NODEV, null
 ));
+
+ // provide a new `/tmp` too.
+ rtext::swallow_error("[namespace] mkdir new/tmp", rt::mkdir("new/tmp", 0o777));
+ rtext::swallow_error("[namespace] mount -t tmpfs tmpfs new/tmp", rtext::mount("tmpfs", "new/tmp", "tmpfs", 0, null));
+
 // bind all the user-requested paths from `old/$p` into `new/$p`.
 // use the `dirfd` abstraction so that paths meant for `old` can't crawl out
 // of that virtual fs.
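Review bot: The new tmpfs mount on `new/tmp` passes mount flags `0`, while the `new/proc` mount two lines above it hardens with `rtext::MS_NOSUID | rtext::MS_NOEXEC | rtext::MS_NODEV`, so the sandbox's only writable scratch filesystem is the one mounted with no restrictions. At minimum the same nosuid/nodev flags seem warranted, `rtext::mount("tmpfs", "new/tmp", "tmpfs", rtext::MS_NOSUID | rtext::MS_NODEV, null)`, with `MS_NOEXEC` added too unless something in the sandbox is known to exec from `/tmp`. The `null` data argument also means the tmpfs has no `size=` cap, so a confined process can grow it until host memory is exhausted; if `rtext::mount`'s data parameter accepts a tmpfs option string, passing `"size=<LIMIT>"` (limit to be chosen) would bound that. Both failures are routed through `swallow_error`, which is fine for an EEXIST on the mkdir but means a failed mount silently leaves the sandbox with no `/tmp`; a one-line comment stating that this is the intended fallback would help the next reader. `isolate_paths` continues outside the hunk.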