Trying to run a dpdk app in a container without the --privileged option to docker run.

I've created the hugetlbfs mounts on the host machine (e.g., mount -t hugetlbfs nodev /tmp/mnt/huge)

# mount | grep huge
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
nodev on /tmp/mnt/huge type hugetlbfs (rw,relatime,seclabel)

However, within the container I get:

EAL: Selected IOVA mode 'VA'
EAL: 64 hugepages of size 1073741824 reserved, but no mounted hugetlbfs found for that size
EAL: Probing VFIO support...
EAL: VFIO support initialized
EAL: Failed to get current mempolicy: Operation not permitted. Assuming MPOL_DEFAULT.
EAL: set_mempolicy failed: Operation not permitted
EAL: set_mempolicy failed: Operation not permitted
EAL: Failed to get current mempolicy: Operation not permitted. Assuming MPOL_DEFAULT.
EAL: set_mempolicy failed: Operation not permitted
EAL: set_mempolicy failed: Operation not permitted
EAL: error allocating rte services array
EAL: FATAL: rte_service_init() failed
EAL: rte_service_init() failed

I've tried both setting the ownership of the mount point to the non-root-user as well as trying to bind the mount point in various ways (e.g., -v /mnt/huge:/mnt/huge -v /dev/hugepages:/dev/hugepages). I've even tried non-standard mountpoints and passing --huge-dir non/standard/mountpoint to the eal_args.

One stackoverflow answer suggested using the --device option (e.g., --device /dev/hugepages), but for /dev/hugepages or /dev/hugetlbfs I get the following error:

/usr/bin/docker-current: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/hugepages": not a device node.

I've also passed in a lot of syscaps like sys_rawio, sys_admin, sys_resource, but doubt those are the issue.

It seems like people have been able to do it in the past. Not sure if there are new features in docker that lock down memory further in containers preventing what I'm trying to do. Any suggestions?