Dear Fil,

I am not sure if my answer can help you.

I had ever asked a similar question to Daniel and I was using a thirty-party card. As a container uses a shared kernel with the host, so hostdev mode='subsystem' doesn’t make sense. Maybe you can try to use hostdev mode='capabilities’. Please see http://libvirt.org/formatdomain.html#elementsHostDevCaps

Hope this helps

Cheng Wang