
Steam for Linux can now run games in a special container

Last updated: 11 Nov 2019 at 2:09 pm UTC

In the latest Steam Beta Client for Linux, Valve have added a new way to run Linux games through a special container.

This is something that had been hinted at: as we noticed when the new Steam Library was rolled out (noted at the bottom), you could briefly install the Steam Linux Runtime from the Tools menu before it was hidden again. Now we know why!

It's a new experimental feature that lets you better isolate games from the host system, as detailed in a post on Steam from developer Timothee Besset. As the post from Besset states, it can help Valve support older titles on newer distributions, let developers test directly against it to reduce QA time, allow other runtimes to be added using newer compilers and libraries, allow you to isolate your Home folder and a whole lot more.

How to use it

In the Tools menu on Steam, make sure you have the Steam Linux Runtime installed:

Then force it onto a game in its Properties, the same way you would force a particular version of Proton. Right click a game, choose Properties, and at the bottom you will see this:

Note: You will probably need to restart Steam to have it show up.

Seeing issues? Not all games will run; if they don't, open a bug report here. See the full post for all the details.

Hat tip to dumpBikes.

Article taken from GamingOnLinux.com.
Tags: Beta, Steam
The comments on this article are closed.

vildravn 10 Nov 2019
Could this be another hint towards the rumoured cloud service?
Schattenspiegel 10 Nov 2019
> Could this be another hint towards the rumoured cloud service?

I'd assume it is more a let's-kill-32-bit (see e.g. ubuntu) fail-safe. Thoughts?


Last edited by Schattenspiegel on 10 Nov 2019 at 10:50 pm UTC
buckysrevenge 10 Nov 2019
> Could this be another hint towards the rumoured cloud service?

My thoughts exactly
pb 10 Nov 2019
> allow you to isolate your Home folder

I hope it will finally allow users on SteamOS to have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
Cloversheen 10 Nov 2019
> > Could this be another hint towards the rumoured cloud service?
>
> I'd assume it is more a let's-kill-32-bit (see e.g. ubuntu) fail-safe. Thoughts?

Reading the announcement it seems likely that you are spot-on.

Also likely to try and deal with games that have peculiar dependencies that they did not consider bundling with the game and break on newer versions of libs etc.
Cloversheen 10 Nov 2019
> > allow you to isolate your Home folder
>
> I hope it will finally allow users on SteamOS to have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).

:O

How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
MayeulC 11 Nov 2019
> > > allow you to isolate your Home folder
> >
> > I hope it will finally allow users on SteamOS to have separate game/achievement progress even if the game saves it to $HOME instead of e.g. steam cloud. Also good for the sake of keeping $HOME tidy, although that I've already accomplished by other means (`HOME=~/saves steam`).
>
> :O
>
> How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?

I do the same on one of my systems. Be sure to symlink .config/pulse, so that your default audio device is respected. There might also be something to do with default browser, etc. And of course, don't forget to always launch it that way :)
Thankfully there is an EULA that's displayed if I run it off the wrong path, so I can just discard that.

I've been having more and more concerns about isolating proprietary software and the RCE tools that are multiplayer games from my system. Nowadays, I run steam inside a flatpak, which works pretty well (only The Binding of Isaac doesn't like it, but there is the steamplay version, even if I have to cope with slowdowns). This also has the added benefit of uncluttering my $HOME.

This development is interesting, though (a shame they're not using ostree/flatpaks). From what I understood, you cannot enable both this and SteamPlay globally?

Edit: maybe they are using flatpaks, looking at the naming convention?

Edit 2: likely!
> The unofficial flatpak distribution of the Steam client is not compatible at this time.
>
> The flatpak solution wraps the entire Steam client, whereas Valve's approach is to wrap individual games first. Both approaches rely on the same technologies and we are looking into improving compatibility in the future.

That's a bummer. I'm looking forward to their improvements!


Last edited by MayeulC on 11 Nov 2019 at 12:07 am UTC
Shmerl 11 Nov 2019
Is it using lxc?


Last edited by Shmerl on 11 Nov 2019 at 3:07 am UTC
pb 11 Nov 2019
> How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?

I had to move or symlink some stuff in .config and .local/share but I've done it along the way when something didn't work etc. One example is .local/share/vulkan, the other is .config/pulse already mentioned by MayeulC. Also symlinked .config/godot so that I can run it either from steam or directly and have the same stuff. And of course it took some time to move all the clutter from $HOME because games can save their stuff in the most obscure places...


Last edited by pb on 11 Nov 2019 at 3:15 am UTC
Nevertheless 11 Nov 2019
> > How come I've never thought about such a simple solution to keeping games from cluttering up my home? Any gotchas you've found with that solution so far?
>
> I had to move or symlink some stuff in .config and .local/share but I've done it along the way when something didn't work etc. One example is .local/share/vulkan, the other is .config/pulse already mentioned by MayeulC. Also symlinked .config/godot so that I can run it either from steam or directly and have the same stuff. And of course it took some time to move all the clutter from $HOME because games can save their stuff in the most obscure places...

Another solution is starting Steam with `firejail --private=/another-directory steam`, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
Creak 11 Nov 2019
> Another solution is starting Steam with `firejail --private=/another-directory steam`, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.

Is using flatpak Steam producing the same behavior as setting the HOME env variable?

It certainly limits the Steam app, but is it true as well for the games launched from it?
rustybroomhandle 11 Nov 2019
This might also be a thing that could go towards satisfying Easy Anticheat's requirements, without making changes to the OS, which the average Linux user would not have liked.
Nevertheless 11 Nov 2019
> > Another solution is starting Steam with `firejail --private=/another-directory steam`, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
>
> Is using flatpak Steam producing the same behavior as setting the HOME env variable?
>
> It certainly limits the Steam app, but is it true as well for the games launched from it?

Flatpak is a container solution that installs programs into sandbox directories and isolates them from your system. It provides programs with everything they need, from dependencies to all needed system files. From your system it only sees the kernel, drivers and directories you configure it to see and use. It does even provide 32bit libraries on pure 64bit systems.

More here: flatpak.org
Ananace 11 Nov 2019
> Is it using lxc?

It sounds from their blog post like they're using bubblewrap - or possibly even Flatpak. (which would also mean bubblewrap)
Ardje 11 Nov 2019
Finally some real improvements. It always bothered me to just download and run 3rd party applications on my machine. But locking them down into their own container is absolutely necessary to get out of this security hell that's called steam.
Don't get me wrong, I love steam. But it is a security nightmare.
Any app can grab your / and send it to $someoneelse because there is 0 checks on that.
They don't even have to hide the scripts.
There are so many developers on steam, you can't keep them in check.
But containerizing it is what's really necessary, and it has a lot of benefits.
Beamboom 11 Nov 2019
That's the 32bit solution right there. Excellent.
Doc Angelo 11 Nov 2019
Finally they're doing this (if they actually make it impossible for apps to access the users home directory). Running closed source binaries on your system with the rights of your own user is really nothing but a security nightmare. Any stupid little game can fetch your bookmarks, your documents, your SSH keys (!) and whatever else it might be interested in. If you take that in mind, any big Steam sale could be seen as poking little holes into your privacy protection... for many one big reason they use Linux in the first place. But, the same is true for the Steam client itself. It also is a closed source binary, so itself should be run in a container as well.

I use firejail for that right now, but sadly some games don't like that and don't work anymore. It's just some of them. Would be awesome if Valve would make Steam run itself in a proper container that doesn't lead to problems with games.
Ardje 11 Nov 2019
> Flatpak is a container solution that installs programs into sandbox directories and isolates them from your system.

Flatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.
I don't know how steam flatpak is packaged though. With or without a request for containerizing.
Ardje 11 Nov 2019
> Is it using lxc?

If you mean the kernel side of LXC, yes. Those are called namespaces and containergroups.
LXC is a userspace commandline interface to the kernel API.

For instance: you don't have to use LXC to set up a second separate IP stack with its own firewalling, all you need is to use ip (from iproute(2)).
poiuz 11 Nov 2019
> Flatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.
> I don't know how steam flatpak is packaged though. With or without a request for containerizing.

It's the other way around: Everything is sandboxed & the application requests (at install time) access to resources. By using Portals access can also be handled at runtime, but this is limited to the available portals:
Flatpak Sandboxes
Flatpak Sandbox Permissions

Steam requires a lot of access but not to the whole root- or home-folder (Steam Flatpak manifest).
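
How much a given Flatpak is actually confined depends on the permissions it requests, which can be read rather than argued about. The following is an added example, not part of the article or of any commenter's post: it parses the `[Context]` section of Flatpak permission metadata and flags the grants that widen the sandbox. The sample metadata is constructed for illustration (it is not Steam's manifest), and the function names are this example's own.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not any real app's permissions.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=xdg-music:ro;~/Games;home;
"""

# Filesystem grants that expose the whole home directory or more.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}


def parse_context(metadata_text):
    """Return the [Context] section as {key: [values]} (empty if absent)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(metadata_text)
    if not parser.has_section("Context"):
        return {}
    return {
        key: [v for v in value.split(";") if v]
        for key, value in parser.items("Context")
    }


def audit(metadata_text):
    """List the grants a reviewer should look at before trusting the sandbox."""
    ctx = parse_context(metadata_text)
    findings = []
    for entry in ctx.get("filesystems", []):
        if entry.startswith("!"):  # negated entry removes access
            continue
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS:
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystem '{path}' granted {access}")
    if "all" in ctx.get("devices", []):
        findings.append("all device nodes exposed (devices=all)")
    if "x11" in ctx.get("sockets", []):
        findings.append("X11 socket shared (no isolation between X clients)")
    if "network" in ctx.get("shared", []):
        findings.append("host network namespace shared")
    return findings
```

On an installed system, the text passed to `audit()` can be taken from `flatpak info --show-permissions` for the application in question.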