mknod fails with Operation not permitted when container is started as a Portainer Stack #246

Open
xJayMorex opened this issue Mar 26, 2024 · 2 comments
Labels
checking check if the problem is reproducible

Comments

xJayMorex commented Mar 26, 2024

Describe the bug
Even though NET_ADMIN capability is granted, mknod fails with mknod: /dev/net/tun: Operation not permitted. Also tried granting mknod capability, privileged: true and device: /dev/net/tun with no success.

To Reproduce
Steps to reproduce the behavior:

  1. Use docker-compose.yml to create a Portainer Stack
  2. Check logs

Expected behavior
mknod command runs successfully.

Screenshots
mknod command fails.

Host OS
Name: Portainer
Version: 2.19.4

Dockovpn Version
Version: 1.13.0

Additional context

Tue Mar 26 22:30:14 2024 Creating tun/tap device.
mknod: /dev/net/tun: Operation not permitted
Tue Mar 26 22:30:14 2024 Dockovpn v1.13.0
Tue Mar 26 22:30:14 2024 Data exist: skipping client generation
2024-03-26 22:30:14 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2024-03-26 22:30:14 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2024-03-26 22:30:14 OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
2024-03-26 22:30:14 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2024-03-26 22:30:14 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
2024-03-26 22:30:14 CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
2024-03-26 22:30:14 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2024-03-26 22:30:14 Exiting due to fatal error
@alekslitvinenk alekslitvinenk added the checking check if the problem is reproducible label Mar 27, 2024
@alekslitvinenk
Collaborator

Hello,

The container behaves exactly as if NET_ADMIN capability was not added.

@kqmaverick

Need CAP_MKNOD
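
To see which of the two diagnoses in the comments applies, the container's effective capability mask can be decoded from /proc/self/status. The script below is an added example, not part of Dockovpn or of the original thread; the function names are hypothetical, and the bit numbers are those of CAP_NET_ADMIN (12) and CAP_MKNOD (27) in linux/capability.h.

```shell
#!/bin/sh
# Added diagnostic example (not Dockovpn code). Function names are hypothetical.
# Capability bit numbers as defined in linux/capability.h.
CAP_NET_ADMIN=12
CAP_MKNOD=27

# cap_eff [status_file]: print the CapEff hex mask of a /proc/<pid>/status file.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# has_cap HEXMASK BIT: succeed only if capability BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# tun_diagnose [status_file] [tun_path]
# Reports whether the process holds what creating and using the TUN node needs.
# Returns 0 if nothing is missing, 1 if a capability is missing, 2 on bad input.
# Other gates (device cgroup rules, user namespaces) are outside this check.
tun_diagnose() {
    status=${1:-/proc/self/status}
    tun=${2:-/dev/net/tun}
    mask=$(cap_eff "$status")
    [ -n "$mask" ] || { echo "no CapEff line in $status"; return 2; }
    rc=0
    if ! has_cap "$mask" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN missing (CapEff=$mask)"
        rc=1
    fi
    if [ -c "$tun" ]; then
        echo "$tun exists as a character device; mknod is not needed"
    elif has_cap "$mask" "$CAP_MKNOD"; then
        echo "$tun absent; CAP_MKNOD present (CapEff=$mask)"
    else
        echo "$tun absent and CAP_MKNOD missing (CapEff=$mask)"
        rc=1
    fi
    return $rc
}
```

Sourced inside the running container, `tun_diagnose` with no arguments reads the shell's own /proc/self/status and checks /dev/net/tun.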
