by viraptor 3879 days ago
You can open /dev/null at init time and then lock down open(). Sure - it's not always possible, but it's a solution.

That's definitely a way better strategy than what I said -- when your code is well-designed-enough for it to work.
That is the Capsicum model: disable open when you go into secure mode. Note you can allow passing of file descriptors and an external program can open new files for you if you allow this. Many single task programs do not need to open files after initialisation.
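
The open-then-lock-down pattern discussed in this thread, as an added example that is not from any of the commenters. It swaps in a zero `RLIMIT_NOFILE` on Linux/POSIX as the lockdown step in place of Capsicum's capability mode; the function and macro names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits the sandboxed child reports through its exit status. */
#define OLD_FD_WORKS 0x1 /* write() on the pre-opened fd succeeded */
#define OPEN_REFUSED 0x2 /* open() after lockdown failed with EMFILE */

/* Runs in the child: acquire resources, lock down, then do the work. */
static int locked_down_worker(void)
{
    int result = 0;
    /* Init phase: open everything the task will ever need. */
    int devnull = open("/dev/null", O_WRONLY);
    if (devnull < 0)
        return 0;

    /* Lockdown (assumed mechanism): with a descriptor limit of zero, any
       later open(), socket(), pipe() or dup() fails with EMFILE. */
    struct rlimit none = { 0, 0 };
    if (setrlimit(RLIMIT_NOFILE, &none) != 0)
        return 0;

    /* Descriptors opened before the lockdown keep working. */
    if (write(devnull, "x", 1) == 1)
        result |= OLD_FD_WORKS;

    /* A new open is refused, even for a path opened moments ago. */
    if (open("/dev/null", O_RDONLY) < 0 && errno == EMFILE)
        result |= OPEN_REFUSED;
    return result;
}

/* Fork so the limit applies only to the worker, not to the caller. */
int run_locked_down(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(locked_down_worker());
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return run_locked_down() == (OLD_FD_WORKS | OPEN_REFUSED) ? 0 : 1; }
```

The descriptor limit only stops new descriptors from being created; path-based calls that need no descriptor, such as `unlink()`, are not restricted by it.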