Shadow_Fury Apprentice
Joined: 20 Apr 2021 Posts: 196 Location: 11.435765792823453, 143.05926743686274
|
Posted: Thu Nov 07, 2024 12:04 am Post subject: (openRC) attempting to sandbox steam using bubblewrap |
|
|
I'm trying to sandbox steam. i set up the environment following the wiki, but am trying to use a bubblewrap script instead of the non-working chroot script
(see thread here)
unfortunately, whilst the steam wrapper launches and appears to check/download updates (even generating an X window briefly), steam itself never launches
ideas for the correct bwrap args are welcome
bwrap script snip:
Code: |
PROXYSOCK=$(mktemp "/tmp/.dbus-steam.XXXXXXXXXX")
xdg-dbus-proxy "${DBUS_SESSION_BUS_ADDRESS}" "${PROXYSOCK}" &
PROXY_PID=$!
sleep 0.01
kill -0 "${PROXY_PID}" 2>/dev/null || exit 4
linux64 bwrap \
--bind "${chroot_dir}" / \
--tmpfs /tmp \
--dev-bind /dev /dev \
--proc /proc \
--ro-bind /sys /sys \
--ro-bind /var/db/repos/gentoo /var/db/repos/gentoo \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/machine-id /etc/machine-id \
--bind /run/user/1000 /run/user/1000 \
--ro-bind /etc /etc \
--ro-bind "$XAUTHORITY" "$XAUTHORITY" \
--bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 \
--bind "${PROXYSOCK}" /run/user/1000/bus \
--setenv HOME "/home/steam" \
--setenv LANG "$LANG" \
--setenv PATH "$PATH" \
--setenv DISPLAY "$DISPLAY" \
--setenv DBUS_SESSION_BUS_ADDRESS "unix:path=/run/user/1000/bus" \
--unshare-all \
--as-pid-1 \
--share-net \
--new-session \
--die-with-parent \
--uid 1000 \
--gid 1000 \
--chdir "/home/steam" \
steam
|
console output when launching:
Code: |
steam.sh[1]: Running Steam on gentoo 1.0.0.81 64-bit
steam.sh[1]: STEAM_RUNTIME is enabled by the user
setup.sh[64]: Steam runtime environment up-to-date!
steam.sh[1]: Steam client's requirements are satisfied
CProcessEnvironmentManager is ready, 6 preallocated environment variables.
WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work.
[2024-11-07 00:01:59] Startup - updater built Nov 5 2024 21:33:18
[2024-11-07 00:01:59] Startup - Steam Client launched with: '/home/steam/.local/share/Steam/ubuntu12_32/steam' '-srt-logger-opened'
11/07 00:01:59 minidumps folder is set to /tmp/dumps
11/07 00:01:59 Init: Installing breakpad exception handler for appid(steam)/version(1730853027)/tid(110)
Looks like steam didn't shutdown cleanly, scheduling immediate update check
[2024-11-07 00:01:59] Loading cached metrics from disk (/home/steam/.local/share/Steam/package/steam_client_metrics.bin)
[2024-11-07 00:01:59] Failed to load cached hosts file (File 'update_hosts_cached.vdf' not found), using defaults
[2024-11-07 00:01:59] Using the following download hosts for Public, Realm steamglobal
[2024-11-07 00:01:59] 1. https://client-update.steamstatic.com, /, Realm 'steamglobal', weight was 1, source = 'baked in'
[2024-11-07 00:01:59] Checking for update on startup
[2024-11-07 00:01:59] Checking for available updates...
[2024-11-07 00:01:59] Downloading manifest: https://client-update.steamstatic.com/steam_client_ubuntu12
[2024-11-07 00:01:59] Manifest download: send request
[2024-11-07 00:01:59] Manifest download: waiting for download to finish
[2024-11-07 00:02:00] Manifest download: finished
[2024-11-07 00:02:00] Download skipped: /steam_client_ubuntu12 version 1730853027, installed version 1730853027, existing pending version 0
[2024-11-07 00:02:00] Nothing to do
[2024-11-07 00:02:00] Verifying installation...
[2024-11-07 00:02:00] Performing checksum verification of executable files
[2024-11-07 00:02:00] Verification complete
UpdateUI: skip show logo
Steam logging initialized: directory: /home/steam/.local/share/Steam/logs
XRRGetOutputInfo Workaround: initialized with override: 0 real: 0xf65b75a0
XRRGetCrtcInfo Workaround: initialized with override: 0 real: 0xf65b5f60
steamwebhelper.sh[116]: Using supervisor /home/steam/.steam/root/ubuntu12_32/steam-runtime/amd64/usr/bin/steam-runtime-supervisor
steamwebhelper.sh[116]: Starting steamwebhelper under bootstrap sniper steam runtime via /home/steam/.local/share/Steam/ubuntu12_64/steam-runtime-sniper.sh
steamwebhelper.sh[116]: Using CEF sandbox \(try with -no-cef-sandbox if this fails\)
steamwebhelper.sh[116]: Starting steamwebhelper with Sniper steam runtime at /home/steam/.local/share/Steam/ubuntu12_64/steam-runtime-sniper/_v2-entry-point
src/vgui2/src/surface_linux.cpp (1954) : glXChooseVisual failed
src/vgui2/src/surface_linux.cpp (1954) : glXChooseVisual failed
src/vgui2/src/surface_linux.cpp (1954) : Fatal assert; application exiting
src/vgui2/src/surface_linux.cpp (1954) : Fatal assert; application exiting
11/07 00:02:01 Init: Installing breakpad exception handler for appid(steam)/version(1730853027)/tid(110)
assert_20241107000201_8.dmp[173]: Uploading dump (out-of-process)
/tmp/dumps/assert_20241107000201_8.dmp
|
Juippisi Developer
Joined: 30 Sep 2005 Posts: 755 Location: /home
|
Posted: Thu Nov 07, 2024 8:16 am Post subject: |
|
|
I mean... at this point, aren't you just better using flatpak directly? |
Shadow_Fury Apprentice
Joined: 20 Apr 2021 Posts: 196 Location: 11.435765792823453, 143.05926743686274
|
Posted: Thu Nov 07, 2024 12:47 pm Post subject: |
|
|
Juippisi wrote: | I mean... at this point, aren't you just better using flatpak directly? |
i admit that would be easier for a similar effect, but i want to learn how to use bubblewrap. i want to sandbox other things that i install from portage, and i figured steam is probably one of the more difficult things to get to play nice in a sandbox. |
toralf Developer
Joined: 01 Feb 2004 Posts: 3940 Location: Hamburg
|
|
Shadow_Fury Apprentice
Joined: 20 Apr 2021 Posts: 196 Location: 11.435765792823453, 143.05926743686274
|
Posted: Thu Nov 07, 2024 7:35 pm Post subject: |
|
|
decided to check whether openGL works properly in the sandbox and got the following:
glxinfo:
Code: |
name of display: :0
Error: couldn't find RGB GLX visual or fbconfig
|
glxgears:
Code: |
Error: couldn't get an RGB, Double-buffered visual
|
both work fine outside the sandbox. |