What is the purpose of systemd's /run/user/UID/inaccessible/? What is the purpose of `/run/user/<UID>/inaccessible/`? There are two device special files therein, namely `blk` and `chr` with major device number 0, so t...--prophetes.ai

What is the purpose of systemd's /run/user/UID/inaccessible/? What is the purpose of `/run/user/<UID>/inaccessible/`? There are two device special files therein, namely `blk` and `chr` with major device number 0, so these are dummies. But what for? I tried to find this in the systemd online documentation and other resources but I could find no hint whatsoever.

These are used to implement `InaccessiblePaths` in per-user services, as a variant of the `/run/host/inaccessible` directory specified in the systemd container interface.

Programs running inside a restricted environment (not necessarily a container) might not have the privileges required to create robustly inaccessible files of various types; the idea here is that whatever sets up the restricted environment can provide instances of inaccessible files inside the `inaccessible` directory, and those can then be bind-mounted over anything which should be made inaccessible inside the restricted environment.