Access Host Device via Rootless Docker Container

Hey all, I’m trying to use rootless docker for a client application that requires access to a device on the host machine. Specifically, the application needs read and write access to /dev/udmabuf. On the host I have my user (username admin), which has read and write permissions to /dev/udmabuf via a specific group, udmabufgroup. I can run the application on the host as this user and it works properly. When I start up a container with my application, however, I see that the root user in the container does not inherit the permissions of my host user, which causes my application to fail.

Some more details to help speed up the debug process:
Host side:

> lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble
> docker info 
Client: Docker Engine - Community
 Version:    27.2.0
 Context:    rootless
 Debug Mode: false
... <truncated>
> docker context show
rootless
> id
uid=1000(admin) gid=1000(admin) groups=1000(admin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),101(lxd),1001(udmabufgroup)
> ll /dev/udmabuf 
crw-rw---- 1 root udmabufgroup 10, 124 Aug 28 19:00 /dev/udmabuf
> cat /etc/group | grep 'udma'
udmabufgroup:x:1001:admin
> cat /etc/subuid
admin:100000:65536
> cat /etc/subgid
admin:100000:65536

My build + run steps are straightforward:

> docker build -f docker/Dockerfile-Client -t client-image:latest .
> docker run -d --device=/dev/udmabuf:/dev/udmabuf -v /var/run/server:/socket --name client-service client-image:latest

I’m not currently doing anything special in the Dockerfile, just setting up some dependencies for my application:

...
RUN apt-get update && apt-get install -y \
    build-essential \
    git \
    cmake \
    python3 \
    && rm -rf /var/lib/apt/lists/*
    
RUN mkdir -p /socket

WORKDIR /application

CMD ...

Within the container I see that the user does not have access to udmabuf when I run in interactive mode:

> docker run -it --device=/dev/udmabuf:/dev/udmabuf -v /var/run/server:/socket --name client-service client-image:latest bash
> id
uid=0(root) gid=0(root) groups=0(root)
> ll /dev/udmabuf 
crw-rw---- 1 nobody nogroup 10, 124 Aug 28 19:00 /dev/udmabuf
> cat /etc/group | grep 'udma'
<blank>
> cat /etc/subuid
ubuntu:100000:65536
> cat /etc/subgid
ubuntu:100000:65536

Why this user is called ubuntu here, I have no idea. When I try to run the container with my admin user id, I still do not have access to udmabuf and for some reason my username is ubuntu:

> docker run -it --device=/dev/udmabuf:/dev/udmabuf --user 1000 -v /var/run/server:/socket --name client-service client-image:latest bash
> id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev)
> ll /dev/udmabuf 
crw-rw---- 1 nobody nogroup 10, 124 Aug 28 19:00 /dev/udmabuf

So in summary, my question is: How do I enable access to a host device (specifically /dev/udmabuf) for an application I am running in a rootless docker container?
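The nobody/nogroup ownership and the ubuntu uid 1000 seen above are the rootless user-namespace id mapping at work. The following added Python example (not from the post or from Docker) models the map that the post's /etc/subuid and /etc/subgid lines imply and resolves the ids that appear in the thread; it assumes rootless Docker maps container id 0 to the host user, container ids 1..count to the subordinate range, and shows any unmapped host id as the kernel overflow id 65534.

```python
"""Model the uid/gid map of a rootless Docker user namespace.

Added example, not from the original post. Assumed mapping (built by
rootless Docker from /etc/subuid and /etc/subgid): container id 0 is the
host user, container ids 1..count cover the subordinate range, and host
ids outside the map appear as the overflow id 65534 (nobody/nogroup).
"""
from typing import List, Optional, Tuple

OVERFLOW_ID = 65534  # default /proc/sys/kernel/overflowuid and overflowgid

# One /proc/<pid>/uid_map or gid_map line: (container_start, host_start, count)
MapEntry = Tuple[int, int, int]


def rootless_map(host_id: int, sub_line: str) -> List[MapEntry]:
    """Build the id map from the user's /etc/subuid or /etc/subgid line."""
    _name, start, count = sub_line.strip().split(":")
    return [(0, host_id, 1), (1, int(start), int(count))]


def host_to_container(host_id: int, idmap: List[MapEntry]) -> int:
    """Return the id a host uid/gid appears as inside the namespace."""
    for c_start, h_start, count in idmap:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID  # unmapped on the host side: listed as nobody/nogroup


def container_to_host(container_id: int, idmap: List[MapEntry]) -> Optional[int]:
    """Return the real host id behind a container uid/gid, or None if unmapped."""
    for c_start, h_start, count in idmap:
        if c_start <= container_id < c_start + count:
            return h_start + (container_id - c_start)
    return None


# Values from the post: admin is uid/gid 1000, udmabufgroup is gid 1001,
# and /dev/udmabuf is root:udmabufgroup (0:1001) on the host.
UID_MAP = rootless_map(1000, "admin:100000:65536")
GID_MAP = rootless_map(1000, "admin:100000:65536")


def explain_device(owner_uid: int = 0, owner_gid: int = 1001) -> dict:
    """Summarise how the device's host ownership looks from inside the container."""
    return {
        "owner_in_container": host_to_container(owner_uid, UID_MAP),
        "group_in_container": host_to_container(owner_gid, GID_MAP),
        "container_root_on_host": container_to_host(0, UID_MAP),
        "container_uid_1000_on_host": container_to_host(1000, UID_MAP),
    }


if __name__ == "__main__":
    for key, value in explain_device().items():
        print(f"{key}: {value}")
```

Host gid 1001 lies outside admin's subordinate range, so the device's group resolves to 65534 (the `nogroup` in the listing), and a process run with `--user 1000` inside the container is host uid 100999, not admin.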