http://brltty.app/pipermail/brltty/2026-March/021700.html

Index: brltty-6.9/Headers/file.h
===================================================================
--- brltty-6.9.orig/Headers/file.h
+++ brltty-6.9/Headers/file.h
@@ -66,9 +66,6 @@ extern char *makeUpdatablePath (const ch
 extern const char *getWritableDirectory (void);
 extern char *makeWritablePath (const char *file);
 
-extern const char *getDevicesDirectory (void);
-extern char *makeDevicesPath (const char *file);
-
 extern char *getWorkingDirectory (void);
 extern int setWorkingDirectory (const char *path);
 
Index: brltty-6.9/Programs/file.c
===================================================================
--- brltty-6.9.orig/Programs/file.c
+++ brltty-6.9/Programs/file.c
@@ -540,32 +540,6 @@ makeWritablePath (const char *file) {
   return makeDirectoryPath(&opt_writableDirectory, file);
 }
 
-const char *
-getDevicesDirectory (void) {
-  static const char *devicesDirectory = NULL;
-
-  if (!devicesDirectory) {
-    const char *directory = makeWritablePath("dev");
-
-    if (directory) {
-      if (ensureDirectory(directory, 0)) {
-        devicesDirectory = directory;
-      }
-    }
-
-    if (devicesDirectory) logMessage(LOG_DEBUG, "devices directory: %s", devicesDirectory);
-  }
-
-  return devicesDirectory;
-}
-
-char *
-makeDevicesPath (const char *file) {
-  const char *directory = getDevicesDirectory();
-  if (directory) return makePath(directory, file);
-  return NULL;
-}
-
 char *
 getWorkingDirectory (void) {
 #if defined(GRUB_RUNTIME)
Index: brltty-6.9/Programs/pgmprivs_linux.c
===================================================================
--- brltty-6.9.orig/Programs/pgmprivs_linux.c
+++ brltty-6.9/Programs/pgmprivs_linux.c
@@ -21,7 +21,6 @@
 #include <string.h>
 #include <errno.h>
 #include <sys/stat.h>
-#include <sys/mount.h>
 
 #include "log.h"
 #include "strfmt.h"
@@ -665,42 +664,6 @@ logCurrentCapabilities (const char *labe
 }
 #endif /* CAP_IS_SUPPORTED */
 
-static int
-setRootMountPropagation (int flag) {
-  if (mount(NULL, "/", NULL, (flag | MS_REC), NULL) != -1) return 1;
-  logSystemError("mount[root,propagatin]");
-  return 0;
-}
-
-static int
-isolateDirectory (const char *directory, const char *label) {
-  const char *mountTarget = directory;
-  if (!mountTarget) return 1;
-
-  const char *mountType = "tmpfs";
-  const char *mountSource = mountType;
-
-  if (mount(mountSource, mountTarget, mountType, 0, "") != -1) {
-    logMessage(LOG_DEBUG, "%s mountpoint is %s: %s", label, mountType, mountTarget);
-
-    if (mount(NULL, mountTarget, NULL, (MS_PRIVATE), "") != -1) {
-      logMessage(LOG_DEBUG, "%s mountpoint is private: %s", label, mountTarget);
-      return 1;
-    } else {
-      logSystemError("mount[private]");
-    }
-  } else {
-    logSystemError("mount[tmpfs]");
-  }
-
-  return 0;
-}
-
-static int
-isolateDevicesDirectory (void) {
-  return isolateDirectory(getDevicesDirectory(), "devices");
-}
-
 #ifdef HAVE_SCHED_H
 #include <sched.h>
 
@@ -718,20 +681,19 @@ static const IsolatedNamespaceEntry isol
   },
   #endif /* CLONE_NEWCGROUP */
 
-  #ifdef CLONE_NEWUTS
-  { .unshareFlag = CLONE_NEWUTS,
-    .name = "UTS",
-    .summary = "host name and NIS domain name",
-  },
-  #endif /* CLONE_NEWUTS */
-
-  // should be last
   #ifdef CLONE_NEWNS
   { .unshareFlag = CLONE_NEWNS,
     .name = "mount",
     .summary = "mount points",
   },
   #endif /* CLONE_NEWNS */
+
+  #ifdef CLONE_NEWUTS
+  { .unshareFlag = CLONE_NEWUTS,
+    .name = "UTS",
+    .summary = "host name and NIS domain name",
+  },
+  #endif /* CLONE_NEWUTS */
 }; static const uint8_t isolatedNamespaceCount = ARRAY_COUNT(isolatedNamespaceTable);
 
 static void
@@ -759,21 +721,8 @@ isolateNamespaces (void) {
       ine += 1;
     }
 
-    int isolatingMounts = !!(unshareFlags & CLONE_NEWNS);
-
-    if (isolatingMounts) {
-      if (!setRootMountPropagation(MS_SHARED)) {
-        isolatingMounts = 0;
-      }
-    }
-
     if (unshare(unshareFlags) == -1) {
       logSystemError("unshare");
-    } else if (isolatingMounts) {
-      if (setRootMountPropagation(MS_SLAVE)) {
-        logMessage(LOG_DEBUG, "root file system is enslaved");
-        isolateDevicesDirectory();
-      }
     }
   } else {
     logMessage(LOG_WARNING, "can't isolate namespaces");
Index: brltty-6.9/Programs/system_linux.c
===================================================================
--- brltty-6.9.orig/Programs/system_linux.c
+++ brltty-6.9/Programs/system_linux.c
@@ -1081,7 +1081,7 @@ openCharacterDevice (const char *name, i
     if ((errno == ENOENT) || (errno == EACCES)) {
       free(path);
 
-      if ((path = makeDevicesPath(locatePathName(name)))) {
+      if ((path = makeWritablePath(locatePathName(name)))) {
         descriptor = createCharacterDevice(path, flags, major, minor);
       }
     }
