Not long ago I was migrating my server programs to dedicated user accounts, to help minimize their privileges. And one of these servers had a GUI part to it, so I had to figure out how to give a program, run as another (system) user, access to the X session. Then it dawned on me, why can't I do this with games? I had thought about creating a different account specifically for games, but I didn't really want to have to switch accounts for that. Plus I might want to talk to people while playing.

So, I jumped on my laptop, and made the attempt. I got one game running, but there were a few things I still had to figure out: how to grant access to GPU acceleration (add to the video group) and how to forward sound (paprefs > enable network access, PULSE_SERVER=localhost). Eventually I put together a reliable script to launch games as other users, and I didn't notice any performance impact. Going even further, I removed file permissions for "other", restricted access to UID changing programs, and I added special firewall rules for users, so I had one user for offline games without internet access and one that had internet access, with some local access restrictions.

This was fair bit of work, but I actually thought it was rather fun. And there were other benefits, like teaching me how to apply the same isolation to programs like web browsers.

Do any of you practice some form of game software isolation?

Update 03/07/15

For anyone who might have been interested, I have now posted the scripts I'm using on Github: https://github.com/ntfwc/sudo-x