From 5837843aa2b9b70fdaa6c4d6920eea4a8e61f795 Mon Sep 17 00:00:00 2001
From: "Josh.5"
Date: Tue, 22 Aug 2023 14:58:27 +1200
Subject: [PATCH] Disable Udev on unprivileged container
---
overlay/etc/cont-init.d/30-configure_udev.sh | 20 ++++++++++++++------
overlay/usr/bin/start-xorg.sh | 4 +++-
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/overlay/etc/cont-init.d/30-configure_udev.sh b/overlay/etc/cont-init.d/30-configure_udev.sh
index 23310b9..d44cbfa 100644
--- a/overlay/etc/cont-init.d/30-configure_udev.sh
+++ b/overlay/etc/cont-init.d/30-configure_udev.sh
@@ -23,15 +23,23 @@ rm -rf "${tmp_mount}"
 if [[ "${is_privileged}" == "true" ]]; then
- echo "**** Configure container to run udev management ****";
- # Enable supervisord script
- sed -i 's|^autostart.*=.*$|autostart=true|' /etc/supervisor.d/udev.ini
- # Configure udev permissions
- if [[ -f /lib/udev/rules.d/60-steam-input.rules ]]; then
- sed -i 's/MODE="0660"/MODE="0666"/' /lib/udev/rules.d/60-steam-input.rules
+ # Since this container may also be run with CAP_SYS_ADMIN, ensure we can actually execute "udevadm trigger"
+ if udevadm trigger &> /dev/null; then
+ echo "**** Configure container to run udev management ****";
+ # Enable supervisord script
+ sed -i 's|^autostart.*=.*$|autostart=true|' /etc/supervisor.d/udev.ini
+ # Configure udev permissions
+ if [[ -f /lib/udev/rules.d/60-steam-input.rules ]]; then
+ sed -i 's/MODE="0660"/MODE="0666"/' /lib/udev/rules.d/60-steam-input.rules
+ fi
+ else
+ # Disable supervisord script since we are not able to execute "udevadm trigger"
+ echo "**** Disable udev service due to privilege restrictions ****";
+ sed -i 's|^autostart.*=.*$|autostart=false|' /etc/supervisor.d/udev.ini
 fi
 else
 # Disable supervisord script
+ echo "**** Disable udev service ****";
 sed -i 's|^autostart.*=.*$|autostart=false|' /etc/supervisor.d/udev.ini
 fi
diff --git a/overlay/usr/bin/start-xorg.sh b/overlay/usr/bin/start-xorg.sh
index 4ca5d0f..d115c20 100755
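Review bot: The capability probe on the new `if udevadm trigger &> /dev/null; then` line is not a passive check: when the container really is privileged it replays synthetic uevents for every device on the host, and across udevadm versions its exit status has not consistently reflected failures to write individual `uevent` files, so it may still return 0 inside a restricted container and enable the udev service anyway. A side-effect-free test of what actually blocks the trigger would be more predictable, e.g. `if [[ -w /sys/class ]]; then` — this assumes a read-only sysfs (which an extra CAP_SYS_ADMIN alone does not change) is the failure mode being detected; confirm against how `is_privileged` is derived, which is set before this hunk. If the trigger must stay as the probe, narrow it (`udevadm trigger --subsystem-match=input &> /dev/null`) and extend the comment to say it replays uevents host-wide rather than just "ensure we can actually execute". The two identical `autostart=false` edits could also collapse into a single `sed` driven by one enable flag, so the three branches cannot drift apart.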
--- a/overlay/usr/bin/start-xorg.sh
+++ b/overlay/usr/bin/start-xorg.sh
@@ -20,7 +20,9 @@ trap _term SIGTERM SIGINT
 # EXECUTE PROCESS:
 # Wait for udev
-wait_for_udev
+if [ $(grep autostart /etc/supervisor.d/udev.ini 2> /dev/null) == "autostart=true" ]; then
+ wait_for_udev
+fi
 # Run X server
 /usr/bin/Xorg \
 -ac \
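Review bot: The new `if [ $(grep autostart ...) == "autostart=true" ]` test is fragile: the command substitution is unquoted inside single-bracket `[`, so when the ini file is missing or has no match it expands to nothing and `[` errors with "unary operator expected", and if more than one line contains `autostart` (a commented-out copy, for instance) it expands to several words and `[` errors with "too many arguments" — both happen to evaluate false, but only by way of an error on stderr. `==` inside `[` is also a bashism that `sh` would reject. Replace the line with `if grep -qx 'autostart=true' /etc/supervisor.d/udev.ini 2>/dev/null; then`, which matches exactly the line the cont-init `sed` writes and involves no word-splitting. `wait_for_udev` and the `_term` handler are defined before this hunk.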