Gentoo Forums
(openRC) attempting to sandbox steam using bubblewrap
Shadow_Fury
Apprentice

Joined: 20 Apr 2021
Posts: 184
Location: 11.435765792823453, 143.05926743686274

Posted: Thu Nov 07, 2024 12:04 am    Post subject: (openRC) attempting to sandbox steam using bubblewrap

I'm trying to sandbox steam. i set up the environment following the wiki, but am trying to use a bubblewrap script instead of the non-working chroot script
(see thread here)

unfortunately, whilst the steam wrapper launches and appears to check/download updates (even generating an X window briefly), steam itself never launches

ideas for the correct bwrap args are welcome

bwrap script snip:
Code:

PROXYSOCK=$(mktemp "/tmp/.dbus-steam.XXXXXXXXXX")

# Start the D-Bus proxy on the temporary socket path, then check it is still alive
xdg-dbus-proxy "${DBUS_SESSION_BUS_ADDRESS}" "${PROXYSOCK}" &
PROXY_PID=$!
sleep 0.01
kill -0 "${PROXY_PID}" 2>/dev/null || exit 4

# The proxy socket is mounted over the session bus path inside the sandbox.
# DBUS_SESSION_BUS_ADDRESS must be a D-Bus address (unix:path=...), not a bare path.
linux64 bwrap \
--bind "${chroot_dir}" / \
--tmpfs /tmp \
--dev-bind /dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /var/db/repos/gentoo /var/db/repos/gentoo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/machine-id /etc/machine-id \
--bind /run/user/1000 /run/user/1000 \
--ro-bind /etc /etc \
--ro-bind "$XAUTHORITY" "$XAUTHORITY" \
--bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 \
--bind "${PROXYSOCK}" /run/user/1000/bus \
--setenv HOME "/home/steam" \
--setenv LANG "$LANG" \
--setenv PATH "$PATH" \
--setenv DISPLAY "$DISPLAY" \
--setenv DBUS_SESSION_BUS_ADDRESS "unix:path=/run/user/1000/bus" \
--unshare-all \
--as-pid-1 \
--share-net \
--new-session \
--die-with-parent \
--uid 1000 \
--gid 1000 \
--chdir "/home/steam" \
steam


console output when launching:
Code:

steam.sh[1]: Running Steam on gentoo 1.0.0.81 64-bit
steam.sh[1]: STEAM_RUNTIME is enabled by the user
setup.sh[64]: Steam runtime environment up-to-date!
steam.sh[1]: Steam client's requirements are satisfied
CProcessEnvironmentManager is ready, 6 preallocated environment variables.
WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work.
[2024-11-07 00:01:59] Startup - updater built Nov  5 2024 21:33:18
[2024-11-07 00:01:59] Startup - Steam Client launched with: '/home/steam/.local/share/Steam/ubuntu12_32/steam' '-srt-logger-opened'
11/07 00:01:59 minidumps folder is set to /tmp/dumps
11/07 00:01:59 Init: Installing breakpad exception handler for appid(steam)/version(1730853027)/tid(110)
Looks like steam didn't shutdown cleanly, scheduling immediate update check
[2024-11-07 00:01:59] Loading cached metrics from disk (/home/steam/.local/share/Steam/package/steam_client_metrics.bin)
[2024-11-07 00:01:59] Failed to load cached hosts file (File 'update_hosts_cached.vdf' not found), using defaults
[2024-11-07 00:01:59] Using the following download hosts for Public, Realm steamglobal
[2024-11-07 00:01:59] 1. https://client-update.steamstatic.com, /, Realm 'steamglobal', weight was 1, source = 'baked in'
[2024-11-07 00:01:59] Checking for update on startup
[2024-11-07 00:01:59] Checking for available updates...
[2024-11-07 00:01:59] Downloading manifest: https://client-update.steamstatic.com/steam_client_ubuntu12
[2024-11-07 00:01:59] Manifest download: send request
[2024-11-07 00:01:59] Manifest download: waiting for download to finish
[2024-11-07 00:02:00] Manifest download: finished
[2024-11-07 00:02:00] Download skipped: /steam_client_ubuntu12 version 1730853027, installed version 1730853027, existing pending version 0
[2024-11-07 00:02:00] Nothing to do
[2024-11-07 00:02:00] Verifying installation...
[2024-11-07 00:02:00] Performing checksum verification of executable files
[2024-11-07 00:02:00] Verification complete
UpdateUI: skip show logo
Steam logging initialized: directory: /home/steam/.local/share/Steam/logs

XRRGetOutputInfo Workaround: initialized with override: 0 real: 0xf65b75a0
XRRGetCrtcInfo Workaround: initialized with override: 0 real: 0xf65b5f60
steamwebhelper.sh[116]: Using supervisor /home/steam/.steam/root/ubuntu12_32/steam-runtime/amd64/usr/bin/steam-runtime-supervisor
steamwebhelper.sh[116]: Starting steamwebhelper under bootstrap sniper steam runtime via /home/steam/.local/share/Steam/ubuntu12_64/steam-runtime-sniper.sh
steamwebhelper.sh[116]: Using CEF sandbox \(try with -no-cef-sandbox if this fails\)
steamwebhelper.sh[116]: Starting steamwebhelper with Sniper steam runtime at /home/steam/.local/share/Steam/ubuntu12_64/steam-runtime-sniper/_v2-entry-point
src/vgui2/src/surface_linux.cpp (1954) : glXChooseVisual failed
src/vgui2/src/surface_linux.cpp (1954) : glXChooseVisual failed
src/vgui2/src/surface_linux.cpp (1954) : Fatal assert; application exiting
src/vgui2/src/surface_linux.cpp (1954) : Fatal assert; application exiting
11/07 00:02:01 Init: Installing breakpad exception handler for appid(steam)/version(1730853027)/tid(110)
assert_20241107000201_8.dmp[173]: Uploading dump (out-of-process)
/tmp/dumps/assert_20241107000201_8.dmp
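An added example, not part of the thread: a small POSIX shell check run over an argument list modelled on the script above, listing the binds that widen the sandbox (all of /dev, the whole runtime directory, host /etc) and noting shared sockets and network. The chroot, Xauthority and proxy-socket paths are placeholders, and the function names `audit_bwrap` and `thread_args` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list the bwrap arguments that
# widen a sandbox. One finding per line: WIDE = narrow it, NOTE = be aware.
audit_bwrap() {
    new_session=0
    while [ $# -gt 0 ]; do
        case "$1" in
        --bind|--ro-bind|--dev-bind)
            [ $# -ge 3 ] || { echo "ERROR $1 needs SRC and DEST"; return 2; }
            src=${2%/}   # host path being exposed, trailing slash dropped
            case "$1 $src" in
            "--dev-bind /dev")
                echo "WIDE $1 $src: all host device nodes; prefer --dev /dev plus only the nodes needed" ;;
            "--bind /run/user/"*/* | "--bind /tmp/.X11-unix/"*)
                echo "NOTE $1 $src: host socket shared read-write" ;;
            "--bind /run/user/"*)
                echo "WIDE $1 $src: every socket in the runtime dir is reachable" ;;
            "--ro-bind /etc")
                echo "WIDE $1 $src: whole host /etc is readable" ;;
            esac
            shift 3 ;;
        --share-net)
            echo "NOTE $1: host network namespace is shared"
            shift ;;
        --new-session)
            new_session=1
            shift ;;
        *)  shift ;;
        esac
    done
    [ "$new_session" -eq 1 ] || echo "WIDE no --new-session: sandbox keeps the controlling terminal"
}

# Constructed argument list modelled on the script in the thread; the
# chroot, Xauthority and proxy-socket paths are placeholders.
thread_args() {
    audit_bwrap --bind /srv/steam-chroot / --tmpfs /tmp \
        --dev-bind /dev /dev --proc /proc --ro-bind /sys /sys \
        --bind /run/user/1000 /run/user/1000 --ro-bind /etc /etc \
        --ro-bind /home/user/.Xauthority /home/user/.Xauthority \
        --bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 \
        --bind /tmp/.dbus-steam.EXAMPLE /run/user/1000/bus \
        --unshare-all --share-net --new-session --die-with-parent steam
}

thread_args
```

`xdg-dbus-proxy` forwards all traffic unless it is started with `--filter` and explicit `--talk=`/`--own=` rules, so the proxy in the script above does not yet restrict the session bus.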
Juippisi
Developer

Joined: 30 Sep 2005
Posts: 750
Location: /home

Posted: Thu Nov 07, 2024 8:16 am

I mean... at this point, aren't you just better using flatpak directly?
Shadow_Fury
Apprentice

Joined: 20 Apr 2021
Posts: 184
Location: 11.435765792823453, 143.05926743686274

Posted: Thu Nov 07, 2024 12:47 pm

Juippisi wrote:
I mean... at this point, aren't you just better using flatpak directly?


i admit that would be easier for a similar effect, but i want to learn how to use bubblewrap. i want to sandbox other things that i install from portage, and i figured steam is probably one of the more difficult things to get to play nice in a sandbox.
toralf
Developer

Joined: 01 Feb 2004
Posts: 3939
Location: Hamburg

Posted: Thu Nov 07, 2024 4:44 pm

Hhm, I use bubblewrap to chain emerge for tinderboxing, but maybe it helps: https://github.com/toralf/tinderbox/blob/main/bin/bwrap.sh#L76
Shadow_Fury
Apprentice

Joined: 20 Apr 2021
Posts: 184
Location: 11.435765792823453, 143.05926743686274

Posted: Thu Nov 07, 2024 7:35 pm

decided to check whether OpenGL works properly in the sandbox and got the following:

glxinfo:
Code:

name of display: :0
Error: couldn't find RGB GLX visual or fbconfig

glxgears:
Code:

Error: couldn't get an RGB, Double-buffered visual


both work fine outside the sandbox.