diff --git a/cmd/wireproxy/main.go b/cmd/wireproxy/main.go
index a4e6a8d..48880c2 100644
--- a/cmd/wireproxy/main.go
+++ b/cmd/wireproxy/main.go
@@ -76,24 +76,24 @@ func lock(stage string) {
 // Linux
 net.DefaultResolver.PreferGo = true // needed to lock down dependencies
 panicIfError(landlock.V1.BestEffort().RestrictPaths(
- landlock.ROFiles("/etc/resolv.conf"),
- landlock.ROFiles("/dev/fd"),
- landlock.ROFiles("/dev/zero"),
- landlock.ROFiles("/dev/urandom"),
- landlock.ROFiles("/etc/localtime"),
- landlock.ROFiles("/proc/self/stat"),
- landlock.ROFiles("/proc/self/status"),
- landlock.ROFiles("/usr/share/locale"),
- landlock.ROFiles("/proc/self/cmdline"),
- landlock.ROFiles("/usr/share/zoneinfo"),
- landlock.ROFiles("/proc/sys/kernel/version"),
- landlock.ROFiles("/proc/sys/kernel/ngroups_max"),
- landlock.ROFiles("/proc/sys/kernel/cap_last_cap"),
- landlock.ROFiles("/proc/sys/vm/overcommit_memory"),
- landlock.RWFiles("/dev/log"),
- landlock.RWFiles("/dev/null"),
- landlock.RWFiles("/dev/full"),
- landlock.RWFiles("/proc/self/fd"),
+ landlock.ROFiles("/etc/resolv.conf").IgnoreIfMissing(),
+ landlock.ROFiles("/dev/fd").IgnoreIfMissing(),
+ landlock.ROFiles("/dev/zero").IgnoreIfMissing(),
+ landlock.ROFiles("/dev/urandom").IgnoreIfMissing(),
+ landlock.ROFiles("/etc/localtime").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/self/stat").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/self/status").IgnoreIfMissing(),
+ landlock.ROFiles("/usr/share/locale").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/self/cmdline").IgnoreIfMissing(),
+ landlock.ROFiles("/usr/share/zoneinfo").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/sys/kernel/version").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/sys/kernel/ngroups_max").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/sys/kernel/cap_last_cap").IgnoreIfMissing(),
+ landlock.ROFiles("/proc/sys/vm/overcommit_memory").IgnoreIfMissing(),
+ landlock.RWFiles("/dev/log").IgnoreIfMissing(),
+ landlock.RWFiles("/dev/null").IgnoreIfMissing(),
+ landlock.RWFiles("/dev/full").IgnoreIfMissing(),
+ landlock.RWFiles("/proc/self/fd").IgnoreIfMissing(),
 ))
 default:
 panic("invalid stage")
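Review bot: Applying `.IgnoreIfMissing()` to all 18 entries removes the startup failure for paths the process may genuinely need, not only for the optional ones. As far as I know go-landlock skips a rule whose path is absent when `RestrictPaths` runs, so that path simply stays denied afterwards (fail-closed for the sandbox), but a missing `/etc/resolv.conf` would then show up later as a resolver error rather than at the `panicIfError` here. Consider keeping entries the deployment depends on strict, e.g. `landlock.ROFiles("/etc/resolv.conf"),`, reserving `IgnoreIfMissing()` for optional ones such as `/dev/log` or `/usr/share/locale`, and adding a comment above the call like `// paths missing at lock time are skipped and remain denied afterwards`. The `lock` function begins and ends outside this hunk.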