I reported an issue with security.syscalls.intercept.mknod misbehaving/not functioning as intended with anything beyond 5.15 LTS some time ago, and now I’ve tested it again with the new 6.1 LTS and it still doesn’t work, so I thought I might just mention it again.
Starting from kernel v5.19 it’s possible to mount overlayfs on top of idmapped layers. So my suspicion is that this is the issue. The mknod emulation might be insufficient in this case to get the right permissions.
I just pulled 5.17.9 from the Arch Linux archives and ran some tests, and it seems like everything works there, so your suspicion may be well placed.