diff --git a/internal/service/runner/nsjail.go b/internal/service/runner/nsjail.go
index 57a8508..f1b4691 100644
--- a/internal/service/runner/nsjail.go
+++ b/internal/service/runner/nsjail.go
@@ -117,6 +117,7 @@ func (s *service) JailRun(arg *RunArgs) (RuntimeStatus, error) {
 		"--use_cgroupv2",
 		"--disable_rlimits",
 		"-m", "none:/tmp:tmpfs:size=67108864", // 64MB tmpfs
+		"-T", "/dev", "-R", "/dev/null", "-R", "/dev/zero", "-R", "/dev/full", "-R", "/dev/random", "-R", "/dev/urandom",
 		"-E", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 		// following envs must sync with resource/runner
 		"-E", "WOJ_LAUNCHER=/woj/framework/scripts/woj_launcher",