From 8cb1af9afc84e1cdcf39fc93f0eee75cc2ec1c74 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 3 Dec 2019 03:36:16 +0100 Subject: Add comment on rootless containers creating device nodes Signed-off-by: Daniel J Walsh --- rootless.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rootless.md b/rootless.md index 4fb3c7deb..69de6db21 100644 --- a/rootless.md +++ b/rootless.md @@ -42,3 +42,5 @@ can easily fail * Pause and Unpause (Works with cgroup V2 support) * Issues with higher UIDs can cause builds to fail * If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image. +* Making device nodes within a container fails, even when running --privileged. + * Kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes. If container needs to create device nodes, it must be run as root. -- cgit v1.2.3-54-g00ecf
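Review bot: in the second added line, "it must be run as root" is ambiguous, because a process in a rootless container can already be UID 0 inside its user namespace and, with `--privileged`, hold CAP_MKNOD there, which is exactly the case the first added bullet says still fails. The kernel checks CAP_MKNOD against the initial user namespace when creating character and block device nodes, so the parenthetical "(processes without CAP_MKNOD)" would be more accurate as "processes without CAP_MKNOD in the initial user namespace", and the last sentence should say the container must be run by root on the host (rootful Podman) rather than "as root". Minor style points in the same two lines: put `--privileged` in backticks, hyphenate "non-root", and write "The kernel" and "If a container" to match the full sentences used in the bullets above.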