alvise72

Untitled

Nov 25th, 2015
I have a physical host with a quite recent Docker version:

[centos@dockerhost ~]$ docker -v
Docker version 1.9.0, build 76d6bc9

I have a block device on my host:

[centos@dockerhost ~]$ ll /dev/vdb
brw-rw----. 1 root disk 253, 16 Nov 25 08:53 /dev/vdb

I've formatted the host's block device:

[centos@dockerhost ~]$ sudo mkfs.ext4 /dev/vdb
mke2fs 1.42.9 (28-Dec-2013)
[...]
Writing superblocks and filesystem accounting information: done

I've started an ubuntu docker container WITHOUT --privileged, but adding the capability "SYS_ADMIN" and mapping /dev/vdb to internal container device /dev/mydevice. Then I can mount /dev/mydevice from within the container:

[centos@dockerhost ~]$ docker run -ti --cap-add=SYS_ADMIN --device=/dev/vdb:/dev/mydevice ubuntu /bin/bash
root@4ee4fb67b679:/# ls -l /dev/mydevice
brw-rw----. 1 root disk 253, 16 Nov 25 09:03 /dev/mydevice
root@4ee4fb67b679:/# mount /dev/mydevice /mnt/
root@4ee4fb67b679:/# df -h
Filesystem                                                                                         Size  Used Avail Use% Mounted on
/dev/mapper/docker-253:1-9445551-4ee4fb67b679d46814f7ad9eeef2bc264970431dfba60a372ad50523f9db7a38   99G  268M   94G   1% /
[...]
/dev/mydevice                                                                                      976M  2.6M  907M   1% /mnt

root@4ee4fb67b679:/# cp -r /bin/ /mnt/
root@4ee4fb67b679:/# umount /mnt/
root@4ee4fb67b679:/# exit

Back on the host, I can check that the container ACTUALLY wrote:

[centos@dockerhost ~]$ sudo mount /dev/vdb /mnt/
[centos@dockerhost ~]$ ls -l /mnt/
total 20
drwxr-xr-x. 2 root root  4096 Nov 25 09:03 bin
drwx------. 2 root root 16384 Nov 25 09:02 lost+found

Without the --cap-add=SYS_ADMIN, I see the /dev/mydevice but I cannot mount it:

[centos@dockerhost ~]$ docker run -ti --device=/dev/vdb:/dev/mydevice ubuntu /bin/bash
root@2da677bd0934:/# ls -l /dev/mydevice
brw-rw----. 1 root disk 253, 16 Nov 25 09:09 /dev/mydevice
root@2da677bd0934:/# mount /dev/mydevice  /mnt/
mount: permission denied
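
A host-side audit for the combination shown above, as an added example that is not part of the original paste: it reads `docker inspect` JSON and reports containers that are privileged or that pair SYS_ADMIN with a mapped host device. The sample JSON, the container names and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (names are made up).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/cap-and-device", "HostConfig": {"Privileged": false,
   "CapAdd": ["SYS_ADMIN"], "Devices": [{"PathOnHost": "/dev/vdb",
   "PathInContainer": "/dev/mydevice", "CgroupPermissions": "rwm"}]}},
 {"Name": "/device-only", "HostConfig": {"Privileged": false,
   "CapAdd": null, "Devices": [{"PathOnHost": "/dev/vdb",
   "PathInContainer": "/dev/mydevice", "CgroupPermissions": "rwm"}]}},
 {"Name": "/cap-only", "HostConfig": {"Privileged": false,
   "CapAdd": ["CAP_SYS_ADMIN"], "Devices": []}},
 {"Name": "/privileged", "HostConfig": {"Privileged": true,
   "CapAdd": null, "Devices": []}}
]""")


def has_sys_admin(cap_add):
    """True if the --cap-add list grants CAP_SYS_ADMIN (directly or via ALL)."""
    caps = set()
    for cap in cap_add or []:
        cap = cap.upper()
        caps.add(cap[4:] if cap.startswith("CAP_") else cap)
    return bool(caps & {"SYS_ADMIN", "ALL"})


def audit(containers):
    """Return (name, reason, host_devices) for containers able to mount host devices."""
    findings = []
    for c in containers:
        hc = c.get("HostConfig") or {}
        name = (c.get("Name") or "?").lstrip("/")
        devices = [d["PathOnHost"] for d in hc.get("Devices") or []]
        if hc.get("Privileged"):
            # --privileged grants all capabilities and access to host devices.
            findings.append((name, "privileged", devices))
        elif devices and has_sys_admin(hc.get("CapAdd")):
            # The combination used in the paste: mapped device plus SYS_ADMIN.
            findings.append((name, "sys_admin+device", devices))
    return findings


if __name__ == "__main__":
    # On a live host: json.loads(output of `docker inspect $(docker ps -q)`).
    for name, reason, devices in audit(SAMPLE_INSPECT):
        print(f"{name}: {reason} {devices}")
```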