diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index ec2f029..3c00a64 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -1,4 +1,4 @@ -name: Run checks +name: Checks on: pull_request: @@ -6,17 +6,48 @@ on: branches: [main] jobs: - nix-checks: + nix-flake-check: name: Run nix flake check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - uses: cachix/cachix-action@v12 with: name: dlr-ft - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - name: Nix Flake Check run: nix flake check + + impure-checks: + name: Run check ${{ matrix.check }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + check: + - udeps + - treefmt --fail-on-change + - audit --deny warnings + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v22 + with: + github_access_token: ${{ secrets.GITHUB_TOKEN }} + - uses: cachix/cachix-action@v12 + with: + name: dlr-ft + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-${{ github.job }}-cargo-${{ hashFiles('**/Cargo.lock') }} + - name: Run check ${{ matrix.check }} + run: nix develop --command ${{ matrix.check }} diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index b5d40e9..6d9035d 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
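Review bot: The new `impure-checks` job in `.github/workflows/checks.yml` passes `secrets.GITHUB_TOKEN` and `secrets.CACHIX_AUTH_TOKEN` to `cachix/install-nix-action@v22` and `cachix/cachix-action@v12`, which are referenced by mutable tags, so whatever those tags point at in the future runs with the secrets. Pinning each third-party action to a full commit SHA and keeping the tag as a comment, e.g. `- uses: cachix/cachix-action@<full-commit-sha> # v12`, removes that dependency on the tag. The same applies to the `nix-flake-check` job in this file and to the steps touched in `.github/workflows/rust.yml`. No `permissions:` key is visible in these hunks; if none is set elsewhere in the file, adding `permissions: { contents: read }` to the job would keep the token at read-only scope.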
@@ -16,54 +16,29 @@ jobs: - hello_part - fuel_tank - ping + - dev_random env: DURATION: 10s RUST_LOG: trace steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - uses: cachix/cachix-action@v12 with: name: dlr-ft - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-${{ github.job }}-${{ matrix.example }}-cargo-${{ hashFiles('**/Cargo.lock') }} - name: Check CGroup run: systemd-run --user --scope cat /proc/self/cgroup - name: Run example ${{ matrix.example }} - run: nix develop --command systemd-run-example-${{ matrix.example }} --duration $DURATION - - checks: - name: Run check ${{ matrix.check }} - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - check: - - udeps - - treefmt --fail-on-change - - audit --deny warnings - steps: - - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v13 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - - name: Cache Nix store - uses: actions/cache@v3 - id: nix-cache - with: - path: /tmp/nixcache - key: nix-${{ runner.os }} - - name: Import Nix store cache - if: "steps.nix-cache.outputs.cache-hit == 'true'" - run: nix copy --no-check-sigs --from /tmp/nixcache --all - - name: Run check ${{ matrix.check }} - run: nix develop --command ${{ matrix.check }} - - name: Export Nix store cache - if: "steps.nix-cache.outputs.cache-hit != 'true'" - run: | - nix copy --no-check-sigs --to /tmp/nixcache \ - .#devShells.x86_64-linux.default + run: nix develop --command systemd-run-example-${{ matrix.example }} --duration $DURATION 
diff --git a/Cargo.lock b/Cargo.lock index 755b703..33ed2a7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -421,6 +421,15 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "dev_random" +version = "0.1.0" +dependencies = [ + "a653rs", + "a653rs-linux", + "log", +] + [[package]] name = "either" version = "1.8.1" diff --git a/Cargo.toml b/Cargo.toml index 1602212..dd28b17 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,4 +1,5 @@ [workspace] +resolver = "2" members = [ "hypervisor", @@ -12,6 +13,8 @@ members = [ "examples/ping_client", "examples/ping_server", + + "examples/dev_random", ] [workspace.dependencies] diff --git a/examples/dev_random.yaml b/examples/dev_random.yaml new file mode 100644 index 0000000..9acbcb4 --- /dev/null +++ b/examples/dev_random.yaml @@ -0,0 +1,10 @@ +major_frame: 1s +partitions: + - id: 0 + name: partition_0 + duration: 1s + offset: 0ms + period: 1s + image: target/x86_64-unknown-linux-musl/release/dev_random + mounts: + - [/dev/random, /dev/random] diff --git a/examples/dev_random/Cargo.toml b/examples/dev_random/Cargo.toml new file mode 100644 index 0000000..97bcf9e --- /dev/null +++ b/examples/dev_random/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "dev_random" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +a653rs = { workspace = true, features = ["macros"] } +a653rs-linux = { path = "../../partition" } +log.workspace = true \ No newline at end of file diff --git a/examples/dev_random/src/main.rs b/examples/dev_random/src/main.rs new file mode 100644 index 0000000..1f3be41 --- /dev/null +++ b/examples/dev_random/src/main.rs 
@@ -0,0 +1,55 @@ +use a653rs::partition; +use a653rs::prelude::PartitionExt; +use a653rs_linux::partition::ApexLogger; +use log::LevelFilter; + +fn main() { + ApexLogger::install_panic_hook(); + ApexLogger::install_logger(LevelFilter::Trace).unwrap(); + + dev_random::Partition.run() +} + +#[partition(a653rs_linux::partition::ApexLinuxPartition)] +mod dev_random { + use log::info; + use std::{fs::*, io::Read}; + + #[start(cold)] + fn cold_start(mut ctx: start::Context) { + // create and start an aperiodic process + ctx.create_process_0().unwrap().start().unwrap(); + } + + // do the same as a cold_start + #[start(warm)] + fn warm_start(ctx: start::Context) { + cold_start(ctx); + } + + // this aperiodic process opens /dev/random and reads some random bytes from it + #[aperiodic( + time_capacity = "Infinite", + stack_size = "8KB", + base_priority = 1, + deadline = "Soft" + )] + fn process_0(_: process_0::Context) { + info!("started process_0"); + + // open the device file and read its metadata + let filename = "/dev/random"; + let mut f = File::open(&filename).expect("no file found"); + let metadata = metadata(&filename).expect("unable to read metadata"); + info!("metadata: {metadata:#?}"); + + // read 16 bytes from the device + let mut buffer = [0u8; 16]; + f.read(&mut buffer).expect("buffer overflow"); + info!("got some randomness: {buffer:?}"); + + info!("terminating this partitiong by setting the operating mode to idle"); + // TODO wait for https://github.com/DLR-FT/a653rs/issues/22 to be fixed + // Hypervisor::set_partition_mode(OperatingMode::Idle); + } +} diff --git a/flake.nix b/flake.nix index 97d8852..ee7fe03 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,10 @@ name = "ping"; partitions = [ "ping_server" "ping_client" ]; } + { + name = "dev_random"; + partitions = [ "dev_random" ]; + } ]; cargoPackageList = ps: builtins.map (p: "--package=${p}") ps; 
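Review bot: In `process_0`, `f.read(&mut buffer)` discards the returned byte count, so a short read leaves the tail of `buffer` as zeros while the log line still presents all 16 bytes as randomness. The `expect("buffer overflow")` message also does not describe a failure that can occur there. `f.read_exact(&mut buffer).expect("short read from /dev/random");` either fills the whole buffer or fails loudly. The `metadata(&filename)` call resolves the path a second time; `f.metadata()` would describe the handle that was actually opened.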
@@ -116,6 +120,7 @@ cargo-audit cargo-expand nixpkgs-fmt + nodePackages.prettier ]; git.hooks = { enable = true; diff --git a/hypervisor/src/hypervisor/config.rs b/hypervisor/src/hypervisor/config.rs index 87d5067..8d28cb7 100644 --- a/hypervisor/src/hypervisor/config.rs +++ b/hypervisor/src/hypervisor/config.rs @@ -122,31 +122,18 @@ pub struct Partition { /// Path to the executable of the partition pub image: PathBuf, - /// Devices to be mounted into the partitions namespace - /// - /// Use this to pass devices into the partition, i. e. to get access to a - /// physical serial port. - #[serde(default)] - pub devices: Vec, - // TODO #[serde(default)] pub hm_table: PartitionHMTable, /// Bindmounts from host to partition /// - /// Use this to expose a path from the host environment inside of a - /// partitions mnt namespace + /// Use this to expose a path / file / device file from the host environment + /// to the inside of a partitions. #[serde(default)] pub mounts: Vec<(PathBuf, PathBuf)>, } -#[derive(Debug, Serialize, Deserialize, Clone)] -pub struct Device { - pub path: PathBuf, - pub read_only: bool, -} - #[derive(Debug, Serialize, Deserialize, Clone)] pub enum Channel { Queuing(QueuingChannelConfig),
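Review bot: Folding `devices` into `mounts` drops the per-entry `read_only` flag that the removed `Device` struct carried, and `Vec<(PathBuf, PathBuf)>` has no place to express it, so a config can no longer ask for a device or host path to be exposed read-only. The mount code is outside this hunk, so it is not visible here whether bind mounts end up read-only or writable. The doc comment on `mounts` should state that, together with the tuple order, e.g. `/// Each entry is (host path, path inside the partition).`. If mounts are writable, consider keeping an optional read-only marker per entry so that configs such as `examples/dev_random.yaml` can grant only the access they need. The `Partition` struct begins above the hunk.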