Constant jail::helpers::MAX_OPEN_FILES_DEFAULT

pub const MAX_OPEN_FILES_DEFAULT: u64 = 4096;

Most devices don’t need to open many fds. However, an implementation detail of minijail is that after applying this limit, it opens an additional file descriptor to scan the /proc/self/fd directory to choose which file descriptors to close in the child process. The open files limit therefore has to be higher than the number file descriptors that the parent thread holds open before the jail is started.