containers / youki

A container runtime written in Rust

Home Page:https://containers.github.io/youki/

duplicated devices in mknod when run with --privileged

lishaowen0426 opened this issue · comments

    if let Some(added_devices) = linux.devices() {
        tracing::debug!("with linux added devices: {:?}", added_devices);
        devicer.create_devices(
            rootfs,
            default_devices().iter().chain(added_devices),
            bind_devices,
        )
    } else {
        tracing::debug!("with only default devices");
        devicer.create_devices(rootfs, &default_devices(), bind_devices)
    }?;

in prepare_rootfs

When run with docker --privileged, since all host devices can be accessed in /dev, this causes duplicated devices between default_devices() and linux.devices(), which are then chained together.

On my machine, I got: failed to mknod device LinuxDevice { path: "/dev/full", typ: C, major: 1, minor: 7, file_mode: Some(438), uid: Some(0), gid: Some(0) } with err Nix(EEXIST)
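The failure above comes from creating the same device node twice: the default list and the spec's device list are chained as-is, so a spec entry for /dev/full repeats the default one and the second mknod fails with EEXIST. The following added example (not youki's code, and written against a simplified stand-in for the OCI LinuxDevice type) reproduces that with an in-memory mknod, then shows a path-based merge in which a spec-provided device replaces a default with the same path, so each node is created exactly once. The device numbers and the spec list are constructed for the demonstration.

```rust
// Added example, not youki's code: models the device-creation step from the
// issue and a path-based de-duplication of default and spec devices.
use std::collections::HashSet;

/// Simplified stand-in for the OCI LinuxDevice (only the fields the issue's
/// error message mentions); a constructed type, not the runtime's own.
#[derive(Debug, Clone, PartialEq)]
pub struct LinuxDevice {
    pub path: String,
    pub typ: char,
    pub major: i64,
    pub minor: i64,
}

impl LinuxDevice {
    pub fn new(path: &str, typ: char, major: i64, minor: i64) -> Self {
        LinuxDevice { path: path.to_string(), typ, major, minor }
    }
}

/// Default device nodes a runtime always creates (constructed list; the
/// /dev/full numbers match the issue's error message).
pub fn default_devices() -> Vec<LinuxDevice> {
    vec![
        LinuxDevice::new("/dev/null", 'c', 1, 3),
        LinuxDevice::new("/dev/zero", 'c', 1, 5),
        LinuxDevice::new("/dev/full", 'c', 1, 7),
        LinuxDevice::new("/dev/random", 'c', 1, 8),
        LinuxDevice::new("/dev/urandom", 'c', 1, 9),
    ]
}

/// Stand-in for mknod over a fresh rootfs: each path may be created once; a
/// second attempt fails with EEXIST, as the real syscall does.
pub fn create_devices<'a, I>(devices: I) -> Result<usize, String>
where
    I: IntoIterator<Item = &'a LinuxDevice>,
{
    let mut created = HashSet::new();
    for dev in devices {
        if !created.insert(dev.path.clone()) {
            return Err(format!("failed to mknod device {:?} with err EEXIST", dev));
        }
    }
    Ok(created.len())
}

/// Merge strategy: a device listed in the spec wins over a default with the
/// same path, so the combined list contains every path exactly once.
pub fn merge_devices(defaults: &[LinuxDevice], added: &[LinuxDevice]) -> Vec<LinuxDevice> {
    let overridden: HashSet<&str> = added.iter().map(|d| d.path.as_str()).collect();
    defaults
        .iter()
        .filter(|d| !overridden.contains(d.path.as_str()))
        .chain(added.iter())
        .cloned()
        .collect()
}

fn main() {
    // Constructed spec device list: with --privileged the host's /dev is
    // exposed, so /dev/full appears a second time next to the defaults.
    let added = vec![
        LinuxDevice::new("/dev/full", 'c', 1, 7),
        LinuxDevice::new("/dev/kmsg", 'c', 1, 11),
    ];
    let defaults = default_devices();

    // Plain chaining reproduces the EEXIST failure from the report.
    println!("chained: {:?}", create_devices(defaults.iter().chain(added.iter())));

    // Path-based merge creates each node once.
    let merged = merge_devices(&defaults, &added);
    println!("merged:  {:?}", create_devices(&merged));
}
```

Keying the merge on the path is the relevant check here: two entries with the same path are the same node regardless of which list they came from, and letting the spec entry win preserves any permissions or ownership the spec set for it.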

Hey, thanks for the bug report!
Can you post the complete command that you used to do this, as well as the docker setup/ config that you used, so we can try reproducing this?

I ran with docker run -it --rm --privileged debian bash

The only thing I've changed with docker is

{
  "default-runtime": "youki",
  "runtimes": {
    "youki": {"path": "youki/binary/path", "runtimeArgs": ["--debug", "--systemd-log"]}
  }
}

I use youki debug build

ok, thanks, the fix seems apparently simple, to filter out extra devices, so will try to get this fixed soon 👍

Hey, this should get fixed in #2438, but keeping this open for self-note to add unit/e2e tests for testing this, as those are not added in the PR.