If you’re creating unprivileged containers you won’t be able to mknod() prior to 4.18 kernels. Could be that the template is not correctly being informed that it is run in a user namespace. You can try and see whether you see the same issue with one of the 3.*.* releases.