diff --git a/fst/sandbox.go b/fst/sandbox.go
index b1240ec..fadf39e 100644
--- a/fst/sandbox.go
+++ b/fst/sandbox.go
@@ -245,9 +245,7 @@ func (s *SandboxConfig) ToContainer(sys SandboxSys, uid, gid *int) (*sandbox.Par
 if etcPath == "" {
 etcPath = "/etc"
 }
- container.
- Bind(etcPath, Tmp+"/etc", 0).
- Mkdir("/etc", 0700)
+ container.Bind(etcPath, Tmp+"/etc", 0)
 // link host /etc contents to prevent dropping passwd/group bind mounts
 if d, err := sys.ReadDir(etcPath); err != nil {
diff --git a/internal/app/app_nixos_test.go b/internal/app/app_nixos_test.go
index d89d099..0b5b42c 100644
--- a/internal/app/app_nixos_test.go
+++ b/internal/app/app_nixos_test.go
@@ -124,7 +124,6 @@ var testCasesNixos = []sealTestCase{
 Bind("/run/opengl-driver", "/run/opengl-driver", 0).
 Bind("/dev/dri", "/dev/dri", sandbox.BindDevice|sandbox.BindWritable|sandbox.BindOptional).
 Bind("/etc", fst.Tmp+"/etc", 0).
- Mkdir("/etc", 0700).
 Link(fst.Tmp+"/etc/alsa", "/etc/alsa").
 Link(fst.Tmp+"/etc/bashrc", "/etc/bashrc").
 Link(fst.Tmp+"/etc/binfmt.d", "/etc/binfmt.d").
diff --git a/internal/app/app_pd_test.go b/internal/app/app_pd_test.go
index bde436f..50e1611 100644
--- a/internal/app/app_pd_test.go
+++ b/internal/app/app_pd_test.go
@@ -67,7 +67,6 @@ var testCasesPd = []sealTestCase{
 Tmpfs("/run/user/1971", 8192, 0755).
 Tmpfs("/run/dbus", 8192, 0755).
 Bind("/etc", fst.Tmp+"/etc", 0).
- Mkdir("/etc", 0700).
 Link(fst.Tmp+"/etc/alsa", "/etc/alsa").
 Link(fst.Tmp+"/etc/bashrc", "/etc/bashrc").
 Link(fst.Tmp+"/etc/binfmt.d", "/etc/binfmt.d").
@@ -288,7 +287,6 @@ var testCasesPd = []sealTestCase{
 Tmpfs("/run/user/1971", 8192, 0755).
 Tmpfs("/run/dbus", 8192, 0755).
 Bind("/etc", fst.Tmp+"/etc", 0).
- Mkdir("/etc", 0700).
 Link(fst.Tmp+"/etc/alsa", "/etc/alsa").
 Link(fst.Tmp+"/etc/bashrc", "/etc/bashrc").
 Link(fst.Tmp+"/etc/binfmt.d", "/etc/binfmt.d").
diff --git a/test/sandbox/case/mapuid.nix b/test/sandbox/case/mapuid.nix
index 634824b..c44a2ae 100644
--- a/test/sandbox/case/mapuid.nix
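Review bot: With the explicit `Mkdir("/etc", 0700)` removed, nothing in the visible part of ToContainer creates `/etc` inside the container any more; its existence and mode now depend entirely on the `Link(...)` calls that follow the `sys.ReadDir(etcPath)` check creating it implicitly, and if that directory yields no entries `/etc` would presumably not be created at all. The fixture updates in test/sandbox/case/*.nix (`800001c0` to `800001ed`, which read as Go FileMode `ModeDir|0700` to `ModeDir|0755`) suggest the intent is a traversable `/etc` for a mapped non-root uid, but the new line does not say so. I would record that on the new line: `container.Bind(etcPath, Tmp+"/etc", 0) // /etc itself is created by the Link calls below with the default directory mode; a 0700 Mkdir here would leave it untraversable for a mapped non-root uid`. ToContainer begins before this hunk and continues past it, so the loop that emits the links is not visible here.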
+++ b/test/sandbox/case/mapuid.nix
@@ -39,7 +39,7 @@
 urandom = fs "42001b6" null null;
 zero = fs "42001b6" null null;
 } null;
- etc = fs "800001c0" {
+ etc = fs "800001ed" {
 ".clean" = fs "80001ff" null null;
 ".updated" = fs "80001ff" null null;
 "NIXOS" = fs "80001ff" null null;
diff --git a/test/sandbox/case/preset.nix b/test/sandbox/case/preset.nix
index c3ea564..57ac821 100644
--- a/test/sandbox/case/preset.nix
+++ b/test/sandbox/case/preset.nix
@@ -39,7 +39,7 @@
 urandom = fs "42001b6" null null;
 zero = fs "42001b6" null null;
 } null;
- etc = fs "800001c0" {
+ etc = fs "800001ed" {
 ".clean" = fs "80001ff" null null;
 ".updated" = fs "80001ff" null null;
 "NIXOS" = fs "80001ff" null null;
diff --git a/test/sandbox/case/tty.nix b/test/sandbox/case/tty.nix
index 1f29e1d..ef7e3e8 100644
--- a/test/sandbox/case/tty.nix
+++ b/test/sandbox/case/tty.nix
@@ -40,7 +40,7 @@
 urandom = fs "42001b6" null null;
 zero = fs "42001b6" null null;
 } null;
- etc = fs "800001c0" {
+ etc = fs "800001ed" {
 ".clean" = fs "80001ff" null null;
 ".updated" = fs "80001ff" null null;
 "NIXOS" = fs "80001ff" null null;