If I understood correctly, it looks like in order to make evdev run on the container and allow access to devices on /dev/*, the container must be set as privileged, which means the host will map all the devices on the container.
Although it works, it is far from ideal security-wise if you consider the least privilege idea.
So, is there a way to map only the devices I want on a particular container and start evdev only with them?