Using mknod inside system-wide unprivileged container


I wanted to know if it’s possible to execute cpio command line inside system-wide unprivileged containers (unprivileged container started by root) ?

My goal is to execute : zcat initrd.gz | cpio -id
As a result, I obtain :

cpio: dev/console cannot mknod operation not permitted
cpio: dev/null cannot mknod operation not permitted

I understood that an unprivileged container cannot use mknod in regards to explications in other post, so I tried to add lxc.cap.keep = mknod capability with the hope that it could be a solution, but… no :frowning_face:. I thought that executing unprivileged containers with root would be enough to do this.

I use LXC 2.0.7 with debian 9 (4.9.0-11-amd64)