In the latest Steam Beta Client for Linux, Valve have added a new way to run Linux games through a special container.
This is something that was being hinted, as we noticed when the new Steam Library was rolled out (noted at the bottom) you could briefly install the Steam Linux Runtime from the Tools menu before it was hidden again. Now we know why!
It's a new experimental feature, allowing you to better isolate games from the host system as detailed in a post on Steam from developer Timothee Besset. As the post from Besset states, it can help Valve support older titles on newer distributions, allow developers to test directly against it reducing QA time, other runtimes can be added using newer compilers and libraries, allow you to isolate your Home folder and a whole lot more.
How to use it
In the Tools menu on Steam, make sure you have the Steam Linux Runtime installed:
Then force it onto a game in the Properties. The same way you would force a particular version of Proton. Right click a game, Properties, then at the bottom you will see this:
Note: You will probably need to restart Steam to have it show up
Seeing issues? Not all games will run, if they don't open a bug report here. See the full post for all the details.
Hat tip to dumpBikes.
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
The comments on this article are closed.
Could this be another hint towards the rumoured cloud service?
1 Likes, Who?
Schattenspiegel Nov 10, 2019
Quoting: vildravnCould this be another hint towards the rumoured cloud service?I'd assume it is more a let's-kill-32-bit (see e.g. ubuntu) fail-safe. Thoughts?
Last edited by Schattenspiegel on 10 November 2019 at 10:50 pm UTC
21 Likes, Who?
buckysrevenge Nov 10, 2019
Quoting: vildravnCould this be another hint towards the rumoured cloud service?My thoughts exactly
0 Likes
> allow you to isolate your Home folder
I hope it will finally allow users on SteamOS have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
I hope it will finally allow users on SteamOS have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
3 Likes, Who?
Cloversheen Nov 10, 2019
Quoting: SchattenspiegelQuoting: vildravnCould this be another hint towards the rumoured cloud service?I'd assume it is more a let's-kill-32-bit (see e.g. ubuntu) fail-safe. Thoughts?
Reading the announcement it seems likely that you are spot-on.
Also likely to try and deal with games that have peculiar dependencies that they did not consider bundling with the game and breaks on newer version of libs etc.
5 Likes, Who?
Cloversheen Nov 10, 2019
Quoting: pb> allow you to isolate your Home folder
I hope it will finally allow users on SteamOS have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
:O
How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
2 Likes, Who?
Quoting: shorbergQuoting: pb> allow you to isolate your Home folder
I hope it will finally allow users on SteamOS have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
:O
How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
I do the same on one of my systems. Be sure to symlink .config/pulse, so that your default audio device is respected. There might also something to do with default browser, etc. And of course, don't forget to always launch it that way :)
Thankfully there is an EULA that's displayed if I run it off the wrong path, so I can just discard that.
I've been having more and more concerns about isolating proprietary software and the RCE tools that are multiplayer games from my system. Nowadays, I run steam inside a flatpak, which works pretty well (only the binding of Isaac doesn't like it, but there is the steamplay version, even if I have to cope with slowdowns). This also has the added benefit of uncluttering my $HOME.
This development is interesting, though (a shame they're not using ostree/flatpaks). From what I understood, you cannot enable both tis and SteamPlay globally?
Edit: maybe they are using flatpaks, looking at the naming convention?
Edit 2: likely!
QuoteThe unofficial flatpak distribution of the Steam client is not compatible at this time.That's a bummer. I'm looking forward to their improvements!
The flatpak solution wraps the entire Steam client, whereas Valve's approach is to wrap individual games first. Both approaches rely on the same technologies and we are looking into improving compatibility in the future.
Last edited by MayeulC on 11 November 2019 at 12:07 am UTC
2 Likes, Who?
0 Likes
Quoting: shorbergHow come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
I had to move or symlink some stuff in .config and .local/share but I've done it along the way when something didn't work etc. One example is .local/share/vulkan, the other is .config/pulse already mentioned by MayeulC. Also symlinked .config/godot so that I can run it either from steam or directly and have the same stuff. And of course it took some time to move all the clutter from $HOME because games can save their stuff in the most obscure places...
Last edited by pb on 11 November 2019 at 3:15 am UTC
3 Likes, Who?
Nevertheless Nov 11, 2019
Quoting: pbQuoting: shorbergHow come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
I had to move or symlink some stuff in .config and .local/share but I've done it along the way when something didn't work etc. One example is .local/share/vulkan, the other is .config/pulse already mentioned by MayeulC. Also symlinked .config/godot so that I can run it either from steam or directly and have the same stuff. And of course it took some time to move all the clutter from $HOME because games can save their stuff in the most obscure places...
Another solution is starting Steam with
firejail --private=/another-directory steam, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
2 Likes, Who?
Quoting: NeverthelessAnother solution is starting Steam with firejail --private=/another-directory steam, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.Is using flatpak Steam producing the same behavior as setting the HOME env variable?It certainly limits the Steam app, but is it true as well for the games launched from it?
0 Likes
rustybroomhandle Nov 11, 2019
This might also be a thing that could go towards satisfying Easy Anticheat's requirements, without making changes to the OS, which the average Linux user would not have liked.
3 Likes, Who?
Nevertheless Nov 11, 2019
Quoting: CreakQuoting: NeverthelessAnother solution is starting Steam withIs using flatpak Steam producing the same behavior as setting the HOME env variable?firejail --private=/another-directory steam, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
It certainly limits the Steam app, but is it true as well for the games launched from it?
Flatpak is a container solution that installs programs into sandbox directories and isolates them from your system. It provides programs with everything they need, from dependencies to all needed system files. From your system it only sees the kernel, drivers and directories you configure it to see and use. It does even provide 32bit libraries on pure 64bit systems.
More here: flatpak.org
1 Likes, Who?
Quoting: ShmerlIs it using lxc?
It sounds from their blog post like they're using bubblewrap - or possibly even Flatpak. (which would also mean bubblewrap)
1 Likes, Who?
Finally some real improvements. It always bothered me to just download and run 3rd party applications on my machine. But locking them down into their own container is absolutely necessary to get out of this security hell that's called steam.
Don't get me wrong, I love steam. But it is a security nightmare.
Any app can grab your / and send it to $someoneelse because there is 0 checks on that.
They don't even have to hide the scripts.
There are so many developers on steam, you can't keep them in check.
But containerizing it is what's really necessary, and it has a lot of benefits.
Don't get me wrong, I love steam. But it is a security nightmare.
Any app can grab your / and send it to $someoneelse because there is 0 checks on that.
They don't even have to hide the scripts.
There are so many developers on steam, you can't keep them in check.
But containerizing it is what's really necessary, and it has a lot of benefits.
8 Likes, Who?
Doc Angelo Nov 11, 2019
Finally they're doing this (if they actually make it impossible for apps to access the users home directory). Running closed source binaries on your system with the rights of your own user is really nothing but a security nightmare. Any stupid little game can fetch your bookmarks, your documents, your SSH keys (!) and whatever else it might be interested in. If you take that in mind, any big Steam sale could be seen as poking little holes into your privacy protection... for many one big reason they use Linux in the first place. But, the same is true for the Steam client itself. It also is a closed source binary, so itself should be run in a container as well.
I use firejail for that right now, but sadly some games don't like that and don't work anymore. It's just some of them. Would be awesome if Valve would make Steam run itself in a proper container that doesn't lead to problems with games.
I use firejail for that right now, but sadly some games don't like that and don't work anymore. It's just some of them. Would be awesome if Valve would make Steam run itself in a proper container that doesn't lead to problems with games.
5 Likes, Who?
Quoting: NeverthelessFlatpak is a container solution that installs programs into sandbox directories and isolates them from your system.Flatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.
I don't know how steam flatpak is packaged though. With or without a request for containerizing.
0 Likes
Quoting: ShmerlIs it using lxc?If you mean the kernel side of LXC, yes. Those are called namespaces and containergroups.
LXC is a userspace commandline interface to the kernel API.
For instance: you don't have to use LXC to setup a second seperate IP stack with it's own firewalling, all you need is to use ip (from iproute(2)).
1 Likes, Who?
Quoting: ArdjeFlatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.It's the other way around: Everything is sandboxed & the application requests (at install time) access to resources. By using Portals access can also be handled at runtime, but this is limited to the available portals:
I don't know how steam flatpak is packaged though. With or without a request for containerizing.
Flatpak Sandboxes
Flatpak Sandbox Permissions
Steam requires a lot of access but not to the whole root- or home-folder (Steam Flatpak manifest.
4 Likes, Who?
Patreon
PayPal
See more from me