I do the same X + Wayland + PulseAudio socket mounted inside a (Podman, not Docker) container thing for sandboxing GUI programs like Steam, so that they do not have access to any host resources (especially the filesystem, which Steam has a reputation for not handling well :) ) unless I specifically allow it.
Are you willing to share any of your code, especially for Steam? I'd love to do this as well but had a hell of a time getting X/Wayland and the GPU all mounted in. Gave up after a short time (have too many projects already) and just used the Flatpak, but I'd love to fully containerize it.
https://news.ycombinator.com/item?id=34634854

My current one is quite a bit different (based on Debian instead of Ubuntu, additional steps to make VR work, and some other changes) but the parts related to sockets etc. are the same.
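The socket-mounting setup the thread describes, as an added illustration that is not the commenter's code or the linked post: a POSIX sh script that builds the `podman run` arguments for a rootless container receiving only the X11 socket directory and cookie, the single Wayland compositor socket, the PulseAudio native socket (the same path PipeWire's pulse shim uses) and the DRM render nodes, with game data kept in a named volume instead of the host home. The image name `localhost/steam-sandbox`, the volume name `steam-home`, the `/home/steam` path inside the container, and the use of `--security-opt=label=disable` for SELinux hosts are assumptions; the argument list is split on whitespace, so paths with spaces are not handled.

```shell
#!/bin/sh
# Added example, not the commenter's script. Emits one podman argument per
# line so the list can be inspected (or asserted on) before anything runs.
set -eu

# gui_podman_args RUNTIME_DIR DISPLAY WAYLAND_DISPLAY XAUTHORITY_FILE
gui_podman_args() {
    rt=$1 disp=$2 wl=$3 xauth=$4
    # Keep the host uid inside the container so socket ownership and
    # permissions line up without chmod-ing anything on the host.
    echo "--userns=keep-id"
    # Assumed: on SELinux hosts the container label would otherwise be
    # denied access to the host's sockets.
    echo "--security-opt=label=disable"
    # X11: the socket directory (read-only) plus the cookie, mounted to a
    # fixed path so XAUTHORITY inside the container does not depend on $HOME.
    echo "--volume=/tmp/.X11-unix:/tmp/.X11-unix:ro"
    echo "--volume=$xauth:/tmp/.Xauthority:ro"
    echo "--env=DISPLAY=$disp"
    echo "--env=XAUTHORITY=/tmp/.Xauthority"
    # Wayland: only the one compositor socket, not the whole runtime dir
    # (which would also expose dbus, gnupg, ssh-agent, etc.).
    echo "--volume=$rt/$wl:$rt/$wl"
    echo "--env=WAYLAND_DISPLAY=$wl"
    echo "--env=XDG_RUNTIME_DIR=$rt"
    # PulseAudio / pipewire-pulse: the native socket only.
    echo "--volume=$rt/pulse/native:$rt/pulse/native"
    echo "--env=PULSE_SERVER=unix:$rt/pulse/native"
    # GPU: the DRM render nodes; no other device nodes, no --privileged.
    echo "--device=/dev/dri"
    # Persistent Steam data lives in a named volume, never in the host home.
    echo "--volume=steam-home:/home/steam"
}

run_gui_container() {
    # shellcheck disable=SC2046  # word-splitting the list is intended
    podman run --rm -it \
        $(gui_podman_args "${XDG_RUNTIME_DIR:?}" "${DISPLAY:-:0}" \
                          "${WAYLAND_DISPLAY:-wayland-0}" \
                          "${XAUTHORITY:-$HOME/.Xauthority}") \
        localhost/steam-sandbox steam   # image and command are assumptions
}

# Only launch when asked explicitly, so the file can be sourced or checked.
if [ "${1:-}" = "--run" ]; then
    run_gui_container
fi
```

Run with `sh steam-sandbox.sh --run`; without `--run` it only defines the functions, so `sh -c '. ./steam-sandbox.sh; gui_podman_args /run/user/1000 :0 wayland-0 ~/.Xauthority'` prints the argument list for review. Everything that is not listed (the host filesystem, dbus, other devices) stays outside the container by default.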