Summary
On an Incus 7.0.0 cluster, security.syscalls.intercept.mknod=true has no
effect:
mknod of even the whitelisted devices (/dev/null 1:3, overlayfs whiteout 0:0) fails with EPERM inside an unprivileged container. As a result, Docker (overlay2) inside an unprivileged system container cannot pull multi-layer images (failed to mknod('/home/ubuntu', S_IFCHR, 0): operation not permitted).
incus info reports empty kernel_features: {} and lxc_features: {}.
The exact same workload works on another host running Incus 6.0.4 with the identical kernel — where kernel_features/lxc_features are fully populated.
Environment (affected)
- Incus: 7.0.0 (Zabbly
lts-7.0, package1:7.0-debian13-202605301824) - OS: Debian GNU/Linux 13 (trixie)
- Kernel:
6.12.90+deb13.1-amd64 - Storage: ZFS · 3-node cluster · unprivileged containers
driver_version(lxc):7.0.0(bundled liblxc)
incus info (relevant excerpt):
kernel_features: {}
lxc_features: {}
Working comparison
Different host, Incus 6.0.4, same kernel 6.12.90+deb13.1-amd64, Debian 13:
kernel_features:
idmapped_mounts: “true”
seccomp_listener: “true”
seccomp_listener_continue: “true”
…
lxc_features:
seccomp_notify: “true”
seccomp_proxy_send_notify_fd: “true”
…
Here interception works as expected.
Steps to reproduce (on the 7.0 host)
incus launch images:debian/13/cloud t1 -c security.syscalls.intercept.mknod=true
incus exec t1 – mknod /tmp/n c 1 3
→ mknod: /tmp/n: Operation not permitted (expected: success)
What I verified
- The generated seccomp policy is correct — it contains
mknod notify/mknodat notifyforS_IFCHR/S_IFBLK, and the runtime config haslxc.seccomp.notify.proxy = unix:/run/incus/seccomp.socket. incusdis listening on/run/incus/seccomp.socket.- With
incusd --debug, the handler receives the notification:
Handling mknodat syscall … syscall_args=“&{8630 259 /tmp/n}”
Send seccomp notification for id(…) but the container still getsEPERM, and no error/warning is logged (even at debug). - The device is on the documented allow-list (both
/dev/null1:3 and whiteout 0:0).
Ruled out
- Kernel:
/proc/sys/kernel/seccomp/actions_availincludesuser_notif; same kernel works on 6.0.4. - Not a boot-time race: empty maps persist after a clean reboot and after a manual
systemctl restart incusin a settled environment. - No systemd hardening on the unit (
MemoryDenyWriteExecute=no, noSystemCallFilter). vm.memfd_noexec = 0.- Bundled liblxc version matches Incus (7.0.0).
Questions
- Is the empty
kernel_features/lxc_featuresa known regression in the Incus 7.0 (Zabblylts-7.0) build, and is it the cause of the interception handler returningEPERMfor whitelisted devices? - What determines these maps being empty at daemon startup (they populate on 6.0.4, same kernel), and how can I restore working syscall interception on 7.0?
Happy to provide full incus info, the generated seccomp policy, or --debug logs.