diff --git a/daemon/Sandbox.cpp b/daemon/Sandbox.cpp
index 972cfca..1cf6b4b 100644
--- a/daemon/Sandbox.cpp
+++ b/daemon/Sandbox.cpp
@@ -208,6 +208,12 @@ namespace i2p {
         return false;
       if(!addrule("/usr/share/zoneinfo/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
         return false;
+      if(!addrule("/proc/sys/vm", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
+        return false;
+      if(!addrule("/sys/devices/system/cpu/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
+        return false;
+      if(!addrule("/dev/urandom", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
+        return false;
       if(!addrule("/etc/ld.so.cache", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
         return false;
       if(!addrule("/etc/nsswitch.conf", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))