diff -Nru runc-1.1.4/debian/changelog runc-1.1.4/debian/changelog
--- runc-1.1.4/debian/changelog 2022-11-17 15:24:35.000000000 +0000
+++ runc-1.1.4/debian/changelog 2023-04-12 20:21:54.000000000 +0000
@@ -1,3 +1,10 @@
+runc (1.1.4-0ubuntu1~20.04.2) focal; urgency=medium
+
+ * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
+ device files such as /dev/null in containers (LP: #2013318)
+
+ -- Lena Voytek Wed, 12 Apr 2023 13:21:54 -0700
+
 runc (1.1.4-0ubuntu1~20.04.1) focal; urgency=medium
 
 * Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).
diff -Nru runc-1.1.4/debian/patches/lp2013318-fix-device-files-in-containers.patch runc-1.1.4/debian/patches/lp2013318-fix-device-files-in-containers.patch
--- runc-1.1.4/debian/patches/lp2013318-fix-device-files-in-containers.patch 1970-01-01 00:00:00.000000000 +0000
+++ runc-1.1.4/debian/patches/lp2013318-fix-device-files-in-containers.patch 2023-04-12 20:21:54.000000000 +0000
@@ -0,0 +1,30 @@
+Description: Fix inability to use /dev/null when inside a container
+Author: Evan Phoenix
+Origin: upstream, https://github.com/opencontainers/runc/commit/462e719cae227a990ed793241062a8d2d6145332
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/runc/+bug/2013318
+Last-Update: 2023-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libcontainer/cgroups/systemd/common.go
++++ b/libcontainer/cgroups/systemd/common.go
+@@ -293,8 +293,18 @@
+ // rules separately to systemd) we can safely skip entries that don't
+ // have a corresponding path.
+ if _, err := os.Stat(entry.Path); err != nil {
+- logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err)
+- continue
++ // Also check /sys/dev so that we don't depend on /dev/{block,char}
++ // being populated. (/dev/{block,char} is populated by udev, which
++ // isn't strictly required for systemd). Ironically, this happens most
++ // easily when starting containerd within a runc created container
++ // itself.
++
++ // We don't bother with securejoin here because we create entry.Path
++ // right above here, so we know it's safe.
++ if _, err := os.Stat("/sys" + entry.Path); err != nil {
++ logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err)
++ continue
++ }
+ }
+ }
+ deviceAllowList = append(deviceAllowList, entry)
diff -Nru runc-1.1.4/debian/patches/series runc-1.1.4/debian/patches/series
--- runc-1.1.4/debian/patches/series 2022-11-17 15:24:35.000000000 +0000
+++ runc-1.1.4/debian/patches/series 2023-04-12 20:21:54.000000000 +0000
@@ -1,3 +1,4 @@
 test--skip_TestFactoryNewTmpfs.patch
 test--skip-fs-related-cgroups-tests.patch
 fix_cpuset_range_byte_order.patch
+lp2013318-fix-device-files-in-containers.patch
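Review bot: In the embedded common.go hunk, the fallback `os.Stat("/sys" + entry.Path)` skips securejoin on the strength of "we know it's safe", but the comment never names the invariant that makes it safe, presumably that entry.Path is always a `/dev/{block,char}/<major>:<minor>` string built from numeric device IDs. I would state that in the comment, e.g. `// entry.Path is always /dev/{block,char}/<major>:<minor>, built from numeric IDs above, so "/sys"+entry.Path stays under /sys/dev.`, so that a later change that lets a config-supplied path reach this stat is caught in review. Separately, the inner `err` shadows the outer one, so the Warnf reports only the sysfs failure; `if _, sysErr := os.Stat("/sys" + entry.Path); sysErr != nil {` with `logrus.Warnf("skipping device %s for systemd: %s (sysfs: %s)", entry.Path, err, sysErr)` keeps both causes when triaging a device that went missing from the systemd allow list. The enclosing loop and the construction of entry.Path lie outside the hunk, so the invariant is inferred from the comment text, not seen in the code.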