Add joystick access to the sandbox

[hadess]

As done in this patch:

0001-Add-support-for-accessing-joysticks.txt

[hadess]

I looked at the new bubblewrap-using code. Does:

        add_args (argv_array,
                  "--dev-bind", "/dev/input/js0", "/dev/input/js0",
                  NULL);

work if the device in question appears after the application has started? For joysticks, we really want to be able to use them even if the app is already started.

[alexlarsson]

No. In fact, there is no great way to handle that at all, because to create bind mount such as those you need increased privileges, which we have only on startup.
The nicest approach is if we could grant access to an entier directory with only those devices, because then it could later be changed on the host side.

[hadess]

Good thing is that SDL, I'm guessing the primary "legacy" user for this feature, uses udev to discover devices, so we could put it anywhere we wanted in the /dev tree.

We do compile SDL with udev support in the fd.o framework, right?

[alexlarsson]

No, we don't have udev in the runtime, because it needs the database created by udevd, and the udev people (kay) said it is not ABI stable across different versions.

[hadess]

Then that means we can't implement this feature without patching ugly things into SDL :(

[hadess]

Is it feasible to have the whole of /dev/input exported, even if devices other than the joysticks we want to access will be there, but protected through permissions?

This wouldn't fix hotplugging though.

[alexlarsson]

This issue was moved to flatpak/flatpak#7