mirror of
https://github.com/SerenityOS/serenity
synced 2026-04-25 17:15:42 +02:00
/sys has lots of interesting information that an ordinary program in a container session shouldn't really care about, such as possible major and minor numbers of potentially exposed device files, etc. It seems like we don't really need /sys at the moment, so there's no harmful impact from this change. The risk of keeping /sys is probably low anyway, because, for example, a jailed process can't open most device files, even if it "sees" them in /sys. However, as another line of defense, let's just not mount /sys in such an environment, if possible.