Swarm mode now supports capabilities, does that help?

[YoshiWalsh]

Currently this stack spins up a privileged docker instance outside of the Swarm and uses that to manage the devices.

I'm wondering, does managing the devices really need to be done by a privileged container, or can it be achieved via adding capabilities? (E.g. SYS_ADMIN)

Sorry if this is a silly question, I don't know that much about how Linux devices/cgroups work.

[mnestor]

You should be able to make it work with setting SYS_ADMIN caps. I think I did get that working right after they added that ability to swarm I just had stability issues since it wasn't always quick enough before my zwave container tried to grab the device and gave up.