Change Details

A big security advantage of Wayland is not allowing applications to read input devices all the time. Having `/dev/input/*` accessible to the user account subverts this advantage. libudev-devd was opening the evdev devices to detect their types (mouse, keyboard, touchpad, etc). This does not work when `/dev/input/*` is inaccessible. With the kernel exposing this information as sysctls, we can work without `/dev/input/*` access, preserving the Wayland security model. The devctl notification is not important for this, but it makes more devd rules possible.

A big security advantage of Wayland is not allowing applications to read input devices all the time. Having `/dev/input/*` accessible to the user account subverts this advantage. libudev-devd was opening the evdev devices to detect their types (mouse, keyboard, touchpad, etc). This does not work when `/dev/input/*` is inaccessible. With the kernel exposing this information as sysctls, we can work without `/dev/input/*` access, preserving the Wayland security model. The devctl notification is not important for this, but it makes more devd rules possible. p.s. would be nice to see this MFC to 12

A big security advantage of Wayland is not allowing applications to read input devices all the time. Having `/dev/input/*` accessible to the user account subverts this advantage. libudev-devd was opening the evdev devices to detect their types (mouse, keyboard, touchpad, etc). This does not work when `/dev/input/*` is inaccessible. With the kernel exposing this information as sysctls, we can work without `/dev/input/*` access, preserving the Wayland security model. The devctl notification is not important for this, but it makes more devd rules possible. p.s. would be nice to see this MFC to 12