mirror of
https://github.com/joleuger/vuinputd.git
synced 2026-07-18 00:45:07 +00:00
37 lines
1.6 KiB
Markdown
37 lines
1.6 KiB
Markdown
# Design Document
|
||
|
||
## 1. Introduction
|
||
|
||
This project provides a safe way to run [Sunshine](https://github.com/LizardByte/Sunshine) inside `systemd-nspawn` containers.
|
||
Sunshine requires creating virtual input devices (`/dev/uinput`) for keyboards, mice, and controllers.
|
||
|
||
Naively exposing `/dev/uinput` from the host into a container breaks isolation: containers could create devices visible to other containers, and the host could even start consuming those devices.
|
||
|
||
---
|
||
|
||
## 2. Design Decisions
|
||
|
||
### 2.1 Where `/dev/uinput` lives
|
||
|
||
* **Decision**: Provide a fake `/dev/vuinput` backed by host proxy. This character device can be bind mounted inside containers to `/dev/uinput`.
|
||
* **Why**: Prevents containers from creating devices visible system-wide.
|
||
|
||
### 2.2 Prevent host from using devices
|
||
|
||
* **Decision**: udev rules strip `ID_INPUT_KEYBOARD` and `ID_INPUT_MOUSE`, set `ID_SEAT=seat_vuinput`.
|
||
* **Why**: Ensures devices are invisible to host input subsystems while still available in containers.
|
||
|
||
### 2.3 udev events in containers
|
||
|
||
* **Decision**: Proxy forwards udev events into the container via netlink.
|
||
* **Why**: Without this, SDL2 and libinput might not recognize devices correctly; with it, containers behave as if devices were created locally.
|
||
|
||
### 2.4 Where to run the proxy
|
||
|
||
* **Decision**: Run proxy on host, one instance per container.
|
||
* **Why**: Only host can safely access `/dev/uinput` and enforce mediation.
|
||
|
||
### 2.5 Security trade-off
|
||
|
||
* **Decision**: Accept that host always sees devices, but enforce rules to stop it consuming them.
|
||
* **Why**: Full input namespaces don’t exist in Linux today; mediation is the practical compromise.
|