@@ -1444,13 +1444,13 @@ definitions:

           Linux:

             type: "object"

             x-nullable: false

-            required: [Capabilities, DeviceCreation, Devices]

+            required: [Capabilities, AllowAllDevices, Devices]

             properties:

               Capabilities:

                 type: "array"

                 items:

                   type: "string"

-              DeviceCreation:

+              AllowAllDevices:

                 type: "boolean"

                 x-nullable: false

               Devices:

@@ -1522,7 +1522,7 @@ definitions:

           Type: ""

         Linux:

           Capabilities: null

-          DeviceCreation: false

+          AllowAllDevices: false

           Devices: null

         Mounts: null

         PropagatedMount: "/data"

@@ -6364,7 +6364,7 @@ paths:

                     Type: ""

                   Linux:

                     Capabilities: null

-                    DeviceCreation: false

+                    AllowAllDevices: false

                     Devices: null

                   Mounts: null

                   PropagatedMount: "/data"

@@ -120,13 +120,13 @@ type PluginConfigInterface struct {

 // swagger:model PluginConfigLinux

 type PluginConfigLinux struct {

-	// capabilities

+	// allow all devices

 	// Required: true

-	Capabilities []string `json:"Capabilities"`

+	AllowAllDevices bool `json:"AllowAllDevices"`

-	// device creation

+	// capabilities

 	// Required: true

-	DeviceCreation bool `json:"DeviceCreation"`

+	Capabilities []string `json:"Capabilities"`

 	// devices

 	// Required: true

@@ -153,6 +153,10 @@ Config provides the base accessible fields for working with V0 plugin format

           capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security)

+    - **`allowAllDevices`** *boolean*

+

+	If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host.

+

     - **`devices`** *PluginDevice array*

           device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices)

@@ -205,7 +209,7 @@ Config provides the base accessible fields for working with V0 plugin format

             },

             "Linux": {

                 "Capabilities": null,

-                "DeviceCreation": false,

+                "AllowAllDevices": false,

                 "Devices": null

             },

             "Mounts": null,

@@ -159,10 +159,10 @@ func computePrivileges(c types.PluginConfig) (types.PluginPrivileges, error) {

 			})

 		}

 	}

-	if c.Linux.DeviceCreation {

+	if c.Linux.AllowAllDevices {

 		privileges = append(privileges, types.PluginPrivilege{

-			Name:        "device-creation",

-			Description: "allow creating devices inside plugin",

+			Name:        "allow-all-devices",

+			Description: "allow 'rwm' access to all devices",

 			Value:       []string{"true"},

 		})

 	}

@@ -87,7 +87,7 @@ func (p *Plugin) InitSpec(execRoot string) (*specs.Spec, error) {

 		s.Linux.RootfsPropagation = "rshared"

 	}

-	if p.PluginObj.Config.Linux.DeviceCreation {

+	if p.PluginObj.Config.Linux.AllowAllDevices {

 		rwm := "rwm"

 		s.Linux.Resources.Devices = []specs.DeviceCgroup{{Allow: true, Access: &rwm}}

 	}