[lxc-users] How can I expose udev device properties to my unprivileged container?

Forest forestcode at ixio.org
Sat Jun 13 22:29:36 UTC 2020


I'm trying to get game controllers to work inside an unprivileged container,
without exposing any more host details than necessary.  This mostly works:

lxc.mount.entry = /dev/input dev/input none bind,optional,create=dir
lxc.mount.entry = /dev/uinput dev/uinput none bind,optional,create=file
lxc.mount.entry = /dev/hidraw0 dev/hidraw0 none bind,optional,create=file
lxc.mount.entry = /dev/hidraw1 dev/hidraw1 none bind,optional,create=file
lxc.mount.entry = /dev/hidraw2 dev/hidraw2 none bind,optional,create=file
lxc.mount.entry = /dev/hidraw3 dev/hidraw3 none bind,optional,create=file

However, a few games still do not detect the game controllers.  I believe
those games are looking for the udev device property ID_INPUT_JOYSTICK=1,
which is missing in the container.  (The host's udev lists dozens of
properties for connected game controllers, while the container's udev lists
only five.)

Mounting the host's /run/udev in the container fixes the problematic games,
but also exposes more host information than I would like, and breaks some
apt-get upgrades until I retry them without the bind mount.

Is there a better way to make game controllers' ID_INPUT_JOYSTICK=1 property
visible in the container?

While we're at it, is there a way to make joystick devices visible without
mounting all of /dev/input/*, /dev/uinput, and /dev/hidraw?

lxc: 3.0.4, host: ubuntu 19.10, guest: ubuntu 18.04.
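
An added example, not part of the original post: a small audit of what a full /run/udev bind mount exposes compared with the entries that carry ID_INPUT_JOYSTICK=1. It assumes the udev database layout of one file per device under /run/udev/data with properties stored on `E:KEY=VALUE` lines; the function names and the sample entries are constructed for illustration.

```python
import os

# Constructed sample of udev database entries (file name -> file contents),
# in the format udev uses under /run/udev/data; not taken from a real host.
SAMPLE_DB = {
    "c13:70": "S:input/by-id/usb-Example_Gamepad-event-joystick\nI:1234567\n"
              "E:ID_INPUT=1\nE:ID_INPUT_JOYSTICK=1\nE:ID_SERIAL=Example_Gamepad\nG:uaccess\n",
    "c13:64": "I:1234000\nE:ID_INPUT=1\nE:ID_INPUT_KEYBOARD=1\nE:ID_SERIAL=Example_Keyboard\n",
    "b8:0": "S:disk/by-id/ata-EXAMPLE_DISK_0001\nE:ID_SERIAL=EXAMPLE_DISK_0001\n"
            "E:ID_FS_UUID=00000000-0000-0000-0000-000000000000\n",
    "n2": "E:ID_NET_NAME_MAC=enx020000000001\n",
}

def parse_properties(text):
    """Return the E: (property) lines of one udev database entry as a dict."""
    props = {}
    for line in text.splitlines():
        if line.startswith("E:") and "=" in line:
            key, value = line[2:].split("=", 1)
            props[key] = value
    return props

def load_db(path="/run/udev/data"):
    """Read every entry of a udev database directory into a name -> text dict."""
    db = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), errors="replace") as fh:
            db[name] = fh.read()
    return db

def audit(db):
    """Split entries into joystick entries and everything else a full bind exposes."""
    needed, extra = [], {}
    for name, text in sorted(db.items()):
        props = parse_properties(text)
        if props.get("ID_INPUT_JOYSTICK") == "1":
            needed.append(name)
        else:
            extra[name] = sorted(props)  # property names the container would also see
    return needed, extra

if __name__ == "__main__":
    # Use the host's database when present, otherwise the constructed sample.
    db = load_db() if os.path.isdir("/run/udev/data") else SAMPLE_DB
    needed, extra = audit(db)
    print("joystick entries:", needed)
    for name, keys in extra.items():
        print("also exposed:", name, keys)
```

Run on the host, the "also exposed" lines show which non-joystick devices (disks, network interfaces, other input devices) the container can read properties for while /run/udev is bind-mounted.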

