While you're here, please consider supporting GamingOnLinux on:
Reward Tiers: Patreon. Plain Donations: PayPal.
This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!
You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Reward Tiers: Patreon. Plain Donations: PayPal.
This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!
You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register
- GE-Proton 9-23 released with a Battle.net update fix for Linux / Steam Deck
- NVIDIA release new GPU driver updates for Linux and Windows after announcing security issues
- Games to claim from Prime Gaming, Jan 17 edition round-up for SteamOS Linux and Steam Deck
- Cubic Odyssey announced as a fusion of Minecraft and No Man's Sky
- Proton Experimental gets fixes for Marvel Rivals, Sea of Thieves and Stalker 2
- > See more over 30 days here
-
Windows compatibility layer Wine 10.0 out now bringing …
- Pyrate -
GE-Proton 9-23 released with a Battle.net update fix fo…
- Mohandevir -
Windows compatibility layer Wine 10.0 out now bringing …
- Shmerl -
Windows compatibility layer Wine 10.0 out now bringing …
- Linux_Rocks -
GE-Proton 9-23 released with a Battle.net update fix fo…
- Ali_John - > See more comments
View PC info
First of all, you CAN'T give the namespace NO network. Processes will just crash, for example a lot of Wine processes can't initialize. Also, there may be dlls that bypass network functionality, but your process will die in the ass if no network is initialized. For example GoG Galaxy isn't necessary for single player games installed with offline installers, but there may be a dll that gets hooked. It needs an interface, so I give it loopback.
Secondly, namespaces aren't a lot of fun for users, because they require privileges. CAP_SYS_ADMIN at least and while I could grant my user that with linux capabilities, that's almost as bad as running things as root.
So therefore, these are the gymnastics I settled for, in my Lutris launching command. Trial and error :-)
sudo unshare -n -- sh -c 'ip link set dev lo up; sudo -u grogan lutris'
That will prompt for your user password once (unless it's already cached from recent use in that shell already). The second sudo command will not prompt, because you're downgrading privileges from root, launching as your user in that case.
Then, games launched from lutris will not crash, but fail to connect to the internet. I tested it on the EA App, which launches but fails to log in because it has no internet connectivity.
View PC info
Well, if using KDE, Gnome, XFCE or other sophisticated environment, when you create shortcuts you should have a checkbox to "run in terminal"
If not (I use a simple window manager), just use xterm -e
For example, as the command of your shortcut or menu entry
xterm -e sudo unshare -n -- sh -c 'ip link set dev lo up; sudo -u grogan lutris'
This then pops up a little xterm window for me to answer the sudo password prompt, then lutris runs.
View PC info
I must admit I had this idea one time and wanted to search how to do it, but in the end I never did.
View PC info
You'd only want to do this when you want to prevent network access.
View PC info
I don't see why not (any command you want) :-)
sudo unshare -n -- sh -c 'ip link set dev lo up; sudo -u grogan /storage3/shit/Soma/start.sh'
(just tested that... Linux native game bought on GoG)
EDIT: As "Command prefix" in your Lutris runner settings I mean, not for launching Lutris itself. Should work just fine for native and Wine games, outside of lutris as well. You'll need to install firejail first, obviously.
Last edited by tuubi on 13 Sep 2023 at 2:26 pm UTC
View PC info
Also, as I said, no network interface is an unexpected condition that will cause a lot of things to crash and abort. It would probably be OK for Linux native games (as would simply unshare -n) but I couldn't get anything off the ground because of wine services failing without bringing up at least lo
Even so, Just Cause 2 crashes and aborts after the first splash screen even with the lo interface in the network namespace. At first I thought it was "phone home or die" but I did a test with the network cable unplugged (I booted up without it too, so eth0 wouldn't even be brought up) and Just Cause 2 launches normally then, as long as its not running in that namespace. That's creepy... that's only a network namespace that's not restricting anything else, and it has an interface to bind to. It should be no different than a yanked cable.