diff --git a/compose/headless.yml b/compose/headless.yml
index ac894052..c6200139 100644
--- a/compose/headless.yml
+++ b/compose/headless.yml
@@ -16,6 +16,10 @@ services:
 #       BASE_APP_IMAGE: ${BUILD_BASE_APP_IMAGE}
     runtime: ${DOCKER_RUNTIME}
     network_mode: ${UDEVD_NETWORK}
+    # The xorg container needs to be privileged to have access to all of the devices it requires.
+    # NOTE: actually, all it _really_ needs is CAP_SYS_TTY_CONFIG plus a
+    # devices: entry for each required device. Unfortunately, the list of
+    # required devices will vary based on host and is hard to predict.
     privileged: true
     volumes:
       # Shared with Sunshine in order to get mouse and joypad working
@@ -60,12 +64,9 @@ services:
 #     args:
 #       BASE_IMAGE: ${BUILD_BASE_IMAGE}
 #       BASE_APP_IMAGE: ${BUILD_BASE_APP_IMAGE}
-#    # Setting network to host
-#    # There must be a way to avoid this but I can't figure it out
-#    # We need to be on the host network in order to get the PF_NETLINK socket
-#    # You can listen to events even without that socket but Xorg and RetroArch will not pickup the devices
-    network_mode: host
-    privileged: true
+
+    cap_add:
+      - NET_ADMIN
     volumes:
       - udev:/run/udev/
 
diff --git a/images/udevd/Dockerfile b/images/udevd/Dockerfile
index 5d93aa2d..269dff25 100644
--- a/images/udevd/Dockerfile
+++ b/images/udevd/Dockerfile
@@ -9,5 +9,7 @@ RUN apt-get update -y && \
 
 COPY --chmod=777 scripts/startup.sh /opt/gow/startup.sh
 
+ENV UDEVD_QUIET=false
+
 ARG IMAGE_SOURCE
 LABEL org.opencontainers.image.source $IMAGE_SOURCE
diff --git a/images/udevd/scripts/startup.sh b/images/udevd/scripts/startup.sh
index dc73da22..512187bf 100644
--- a/images/udevd/scripts/startup.sh
+++ b/images/udevd/scripts/startup.sh
@@ -1,15 +1,24 @@
 #!/bin/bash
+
 set -e
 
+source /opt/gow/bash-lib/utils.sh
+
 function start_udev() {
 	# mount_dev
     if command -v udevd &>/dev/null; then
-        unshare --net udevd --daemon &> /dev/null
+        nsenter udevd --daemon &> /dev/null
     else
-        unshare --net /lib/systemd/systemd-udevd --daemon &> /dev/null
+        nsenter /lib/systemd/systemd-udevd --daemon &> /dev/null
     fi
-    udevadm trigger &> /dev/null
+    udevadm trigger &> /dev/null || true
 }
 
 start_udev
+
+if [ "${UDEVD_QUIET:-false}" = "true" ]; then
+    # redirect stdout to /dev/null before running udevadm monitor
+    exec >/dev/null
+fi
+
 exec udevadm monitor