[lxc-users] How can I expose udev device properties to my unprivileged container?
Forest
forestcode at ixio.org
Sat Jun 13 22:29:36 UTC 2020
I'm trying to get game controllers to work inside an unprivileged container,
without exposing any more host details than necessary. This mostly works:

    lxc.mount.entry = /dev/input dev/input none bind,optional,create=dir
    lxc.mount.entry = /dev/uinput dev/uinput none bind,optional,create=file
    lxc.mount.entry = /dev/hidraw0 dev/hidraw0 none bind,optional,create=file
    lxc.mount.entry = /dev/hidraw1 dev/hidraw1 none bind,optional,create=file
    lxc.mount.entry = /dev/hidraw2 dev/hidraw2 none bind,optional,create=file
    lxc.mount.entry = /dev/hidraw3 dev/hidraw3 none bind,optional,create=file

However, a few games still do not detect the game controllers. I believe
those games are looking for the udev device property ID_INPUT_JOYSTICK=1,
which is missing in the container. (The host's udev lists dozens of
properties for connected game controllers, while the container's udev lists
only five.)

Mounting the host's /run/udev in the container fixes the problematic games,
but also exposes more host information than I would like, and breaks some
apt-get upgrades until I retry them without the bind mount.

Is there a better way to make game controllers' ID_INPUT_JOYSTICK=1 property
visible in the container?

While we're at it, is there a way to make joystick devices visible without
mounting all of /dev/input/*, /dev/uinput, and /dev/hidraw?

lxc: 3.0.4, host: ubuntu 19.10, guest: ubuntu 18.04.
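
An added example, not part of the original post: one way to narrow the device exposure asked about above is to read the host's udev database and emit a bind mount only for nodes tagged ID_INPUT_JOYSTICK=1, instead of all of /dev/input. It assumes the record layout printed by `udevadm info --export-db` on the host; the sample records and the function names `joystick_nodes` and `mount_entries` are constructed for illustration.

```python
import re

# Constructed sample in the record layout of `udevadm info --export-db`
# (P: devpath, N: node name under /dev, E: property). Not from the original post.
SAMPLE_DB = """\
P: /devices/constructed/usb1/1-2/input/input20/event18
N: input/event18
E: DEVNAME=/dev/input/event18
E: ID_INPUT=1
E: ID_INPUT_JOYSTICK=1

P: /devices/constructed/usb1/1-2/input/input20/js0
N: input/js0
E: DEVNAME=/dev/input/js0
E: ID_INPUT=1
E: ID_INPUT_JOYSTICK=1

P: /devices/constructed/platform/i8042/serio0/input/input3/event3
N: input/event3
E: DEVNAME=/dev/input/event3
E: ID_INPUT=1
E: ID_INPUT_KEYBOARD=1

P: /devices/constructed/usb1/1-2/input/input20
E: ID_INPUT=1
E: ID_INPUT_JOYSTICK=1
"""

def joystick_nodes(db_text):
    """Return sorted /dev paths of nodes whose record has ID_INPUT_JOYSTICK=1."""
    nodes = set()
    for record in re.split(r"\n\s*\n", db_text.strip()):
        props, node = {}, None
        for line in record.splitlines():
            tag, _, value = line.partition(": ")
            if tag == "N":
                node = value
            elif tag == "E" and "=" in value:
                key, _, val = value.partition("=")
                props[key] = val
        # Records without an N: line (parent devices) have no node to bind.
        if node and props.get("ID_INPUT_JOYSTICK") == "1":
            nodes.add("/dev/" + node)
    return sorted(nodes)

def mount_entries(nodes):
    """Format one per-node bind mount in the same form as the post's hidraw lines."""
    return ["lxc.mount.entry = %s %s none bind,optional,create=file" % (n, n.lstrip("/"))
            for n in nodes]

if __name__ == "__main__":
    print("\n".join(mount_entries(joystick_nodes(SAMPLE_DB))))
```

This covers only which device nodes are bind-mounted; it does not make the ID_INPUT_JOYSTICK property visible to the container's udev, and the entries reflect the devices present when the database was read.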