I know this is an older post but I was having trouble with hot-plugging and wanted to share the solution that worked for me. It combines the udevadm commands from this post with the volume mounting from another post (similar to what is seen in the Balena base image here). Note that someone in that post mentions there is a security risk with allowing hot-plugging for all devices. I also had to reorder the udevadm commands listed in this post.
This is the relevant part of my Dockerfile that allows hot-plugging for me.
ENV UDEV=on
# Create entrypoint script
RUN echo '#!/bin/bash\n\
newdev="/tmp/dev"\n\
mkdir -p "$newdev"\n\
mount -t devtmpfs none "$newdev"\n\
\n\
# Create mount points before moving\n\
mkdir -p "$newdev/shm"\n\
mkdir -p "$newdev/mqueue"\n\
mkdir -p "$newdev/pts"\n\
touch "$newdev/console"\n\
\n\
# Move existing mounts\n\
mount --move /dev/console "$newdev/console"\n\
mount --move /dev/mqueue "$newdev/mqueue"\n\
mount --move /dev/pts "$newdev/pts"\n\
mount --move /dev/shm "$newdev/shm"\n\
umount /dev || true\n\
mount --move "$newdev" /dev\n\
\n\
# Setup ptmx symlink\n\
ln -sf /dev/pts/ptmx /dev/ptmx\n\
\n\
# Setup debugfs if not already mounted\n\
sysfs_dir="/sys/kernel/debug"\n\
if ! mountpoint -q "$sysfs_dir"; then\n\
mount -t debugfs nodev "$sysfs_dir"\n\
fi\n\
\n\
if which udevadm > /dev/null; then\n\
set +e # Disable exit on error\n\
unshare --net /lib/systemd/systemd-udevd --daemon\n\
service udev restart\n\
udevadm control --reload-rules\n\
udevadm trigger\n\
set -e # Re-enable exit on error\n\
fi\n\
exec "$@"' > /usr/local/bin/entrypoint.sh && \
chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]