diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 704aaa8e..2635fd6f 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -510,10 +510,12 @@ func createDeviceNode(rootfs string, node *configs.Device, bind bool) error {
 func mknodDevice(dest string, node *configs.Device) error {
 	fileMode := node.FileMode
 	switch node.Type {
-	case 'c':
+	case 'c', 'u':
 		fileMode |= syscall.S_IFCHR
 	case 'b':
 		fileMode |= syscall.S_IFBLK
+	case 'p':
+		fileMode |= syscall.S_IFIFO
 	default:
 		return fmt.Errorf("%c is not a valid device type for device %s", node.Type, node.Path)
 	}
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 94afd65c..f99be9f4 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -318,7 +318,7 @@ func createCgroupConfig(name string, useSystemdCgroup bool, spec *specs.Spec) (*
 		if d.Access == nil || *d.Access == "" {
 			return nil, fmt.Errorf("device access at %d field cannot be empty", i)
 		}
-		dt, err := stringToDeviceRune(t)
+		dt, err := stringToCgroupDeviceRune(t)
 		if err != nil {
 			return nil, err
 		}
@@ -452,7 +452,7 @@ func createCgroupConfig(name string, useSystemdCgroup bool, spec *specs.Spec) (*
 	return c, nil
 }
 
-func stringToDeviceRune(s string) (rune, error) {
+func stringToCgroupDeviceRune(s string) (rune, error) {
 	switch s {
 	case "a":
 		return 'a', nil
@@ -460,6 +460,21 @@ func stringToDeviceRune(s string) (rune, error) {
 		return 'b', nil
 	case "c":
 		return 'c', nil
+	default:
+		return 0, fmt.Errorf("invalid cgroup device type %q", s)
+	}
+}
+
+func stringToDeviceRune(s string) (rune, error) {
+	switch s {
+	case "p":
+		return 'p', nil
+	case "u":
+		return 'u', nil
+	case "b":
+		return 'b', nil
+	case "c":
+		return 'c', nil
 	default:
 		return 0, fmt.Errorf("invalid device type %q", s)
 	}