A more secure way to pass Bluetooth to container?

I needed to provide Bluetooth to a Docker container. However, I didn’t like the ways I’ve found:

a. Adding excessive privileges to the container.
b. Passing whole system D-Bus to the container, essentially giving the container quite much power.

As a result, I’ve decided to create a separate D-Bus instance just for Bluez: GitHub - v6ak/bluesand