diff --git a/containerd/containerd.go b/containerd/containerd.go
index 5fa3c42..e57d647 100644
--- a/containerd/containerd.go
+++ b/containerd/containerd.go
@@ -56,6 +56,11 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 
 	opts = append(opts, oci.WithEnv(env))
 
+	// Add linux devices into the container.
+	for _, device := range config.Devices {
+		opts = append(opts, oci.WithLinuxDevice(device, "rwm"))
+	}
+
 	return d.client.NewContainer(
 		d.ctxContainerd,
 		containerName,
diff --git a/containerd/driver.go b/containerd/driver.go
index 67a532f..731109f 100644
--- a/containerd/driver.go
+++ b/containerd/driver.go
@@ -74,6 +74,7 @@ var (
 		"args":            hclspec.NewAttr("args", "list(string)", false),
 		"cap_add":         hclspec.NewAttr("cap_add", "list(string)", false),
 		"cap_drop":        hclspec.NewAttr("cap_drop", "list(string)", false),
+		"devices":         hclspec.NewAttr("devices", "list(string)", false),
 		"privileged":      hclspec.NewAttr("privileged", "bool", false),
 		"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
 	})
@@ -103,6 +104,7 @@ type TaskConfig struct {
 	Args           []string `codec:"args"`
 	CapAdd         []string `codec:"cap_add"`
 	CapDrop        []string `codec:"cap_drop"`
+	Devices        []string `codec:"devices"`
 	Privileged     bool     `codec:"privileged"`
 	ReadOnlyRootfs bool     `codec:"readonly_rootfs"`
 }