by throwaway2048
4349 days ago
It is normal for a vast amount of software to fork privsep children into /var/empty, which, as the name suggests, is empty. Forcing urandom to exist also precludes mounting partitions 'nodev', which has security implications in a chroot environment. Lastly, relying on a device file makes you prone to things like fd exhaustion attacks.
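An added illustration of the comment's last point, not part of the original comment: with no free descriptors, opening the device file fails while a kernel randomness system call still works. It assumes Linux and glibc's `getrandom(2)`, which the comment does not name; the function name and flag macros are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEVICE_OPEN_FAILED 1 /* open("/dev/urandom") returned -1 */
#define SYSCALL_SUCCEEDED  2 /* getrandom(2) filled the buffer */

/* Runs in a forked child so the lowered descriptor limit never affects the
 * caller. Returns a bitmask of the flags above, or -1 on setup failure. */
int randomness_under_fd_exhaustion(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        unsigned char buf[16];
        int result = 0;
        /* Simulated exhaustion: a soft limit of 0 allows no new descriptor. */
        if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(127);
        rl.rlim_cur = 0;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(127);
        int fd = open("/dev/urandom", O_RDONLY);
        if (fd < 0)
            result |= DEVICE_OPEN_FAILED;
        else
            close(fd);
        /* The system call needs neither a descriptor nor a device node. */
        if (getrandom(buf, sizeof buf, 0) == (ssize_t)sizeof buf)
            result |= SYSCALL_SUCCEEDED;
        _exit(result);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int r = randomness_under_fd_exhaustion();
    printf("result mask: %d (3 = open failed, getrandom worked)\n", r);
    return r < 0;
}
```

The same property is what lets a privsep child in an empty chroot such as /var/empty obtain randomness without any device node being present.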