Can fusuma use flatpak: `device=input|all` permission instead of requiring `input` group?
Is your feature request related to a problem? Please describe.
IMPORTANT: This makes /dev/input/ readable, so if that's an issue for you for some reason (like for privacy- or securityconcerns etc. or if it causes other parts of your OS to misbehave), consider this your heads-up.
Describe the solution you'd like Can flatpak solve this ? https://docs.flatpak.org/en/latest/sandbox-permissions.html#device-access
I'm not very familiar with Flatpak, but for Fusuma, if we can control access to /dev/input, we might not need the input group for libinput.
Also, fusuma-plugin-remap uses /dev/uinput to create virtual devices, which needs extra permissions.
Projects that use Flatpak, like Steam or other key remappers, might be useful to look at.
It could also be useful to see if we can run without the input group by using systemd to run as root.
a Flatpak app runs as your user, so at best it can do what your user can do. --device=input merely provides access to the device nodes.
I asked on flatpak-Matrix, and flatpak solution won't work.
@iberianpig found it on how steam-input works --> (TLDR: udev-rule granting tag:uaccess)
- https://www.reddit.com/r/archlinux/comments/viss0k/having_steam_installed_gives_your_user_readwrite/
- https://wiki.archlinux.org/title/Gamepad#Device_permissions
- https://github.com/ValveSoftware/steam-devices/blob/master/60-steam-input.rules
Granting access to uinput and touchpad is better that being part of input group.
Here's an example of udev rule for touchpad that i am using.
- Got the attributes by running
sudo evtestand then selecting events which i though belong to touchpad, performing action on touchpad to see if output shows in evtest. Then using$ udevadm info --attribute-walk --name=/dev/input/<event-id>to get attributes. - Using udev rule from steaminput for
uinput
Thanks for sharing your ideas!
I really think it’s better to give access to uinput and the touchpad instead of being part of the input group.
Making udev rules sounds like a good plan. It will help control which devices we can use. If we could also create a simple helper script for Fusuma users installation, that would make setting things up much easier.
Additionally, I'd like to know if there are alternative methods for getting device attributes besides using evtest for making helper script.