
Steam for Linux can now run games in a special container


In the latest Steam Beta Client for Linux, Valve have added a new way to run Linux games through a special container.

This was being hinted at: as we noticed when the new Steam Library was rolled out (noted at the bottom), you could briefly install the Steam Linux Runtime from the Tools menu before it was hidden again. Now we know why!

It's a new experimental feature that lets you better isolate games from the host system, as detailed in a post on Steam from developer Timothee Besset. As the post from Besset states, it can help Valve support older titles on newer distributions, let developers test directly against it to reduce QA time, allow other runtimes to be added using newer compilers and libraries, let you isolate your Home folder and a whole lot more.

How to use it

In the Tools menu on Steam, make sure you have the Steam Linux Runtime installed:

Then force it onto a game in the Properties, the same way you would force a particular version of Proton. Right click a game, choose Properties, then at the bottom you will see this:

Note: You will probably need to restart Steam to have it show up.

Seeing issues? Not all games will run; if they don't, open a bug report here. See the full post for all the details.

Hat tip to dumpBikes.

Article taken from GamingOnLinux.com.
Tags: Beta, Steam
The comments on this article are closed.
33 comments

Creak 11 Nov, 2019
Quoting: Nevertheless
Another solution is starting Steam with firejail --private=/another-directory steam, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
Is using flatpak Steam producing the same behavior as setting the HOME env variable?

It certainly limits the Steam app, but is it true as well for the games launched from it?
rustybroomhandle 11 Nov, 2019
This might also be a thing that could go towards satisfying Easy Anticheat's requirements, without making changes to the OS, which the average Linux user would not have liked.
Nevertheless 11 Nov, 2019
Quoting: Creak
Quoting: Nevertheless
Another solution is starting Steam with firejail --private=/another-directory steam, which then uses "another-directory" as home dir for Steam. Or you could use the Flatpak Steam install.
Is using flatpak Steam producing the same behavior as setting the HOME env variable?

It certainly limits the Steam app, but is it true as well for the games launched from it?

Flatpak is a container solution that installs programs into sandbox directories and isolates them from your system. It provides programs with everything they need, from dependencies to all needed system files. From your system it only sees the kernel, drivers and directories you configure it to see and use. It does even provide 32bit libraries on pure 64bit systems.

More here: flatpak.org
Ananace 11 Nov, 2019
Quoting: Shmerl
Is it using lxc?

It sounds from their blog post like they're using bubblewrap - or possibly even Flatpak. (which would also mean bubblewrap)
Ardje 11 Nov, 2019
Finally some real improvements. It always bothered me to just download and run 3rd party applications on my machine. But locking them down into their own container is absolutely necessary to get out of this security hell that's called steam.
Don't get me wrong, I love steam. But it is a security nightmare.
Any app can grab your / and send it to $someoneelse because there are 0 checks on that.
They don't even have to hide the scripts.
There are so many developers on steam, you can't keep them in check.
But containerizing it is what's really necessary, and it has a lot of benefits.
Beamboom 11 Nov, 2019
That's the 32bit solution right there. Excellent.
Doc Angelo 11 Nov, 2019
Finally they're doing this (if they actually make it impossible for apps to access the users home directory). Running closed source binaries on your system with the rights of your own user is really nothing but a security nightmare. Any stupid little game can fetch your bookmarks, your documents, your SSH keys (!) and whatever else it might be interested in. If you take that in mind, any big Steam sale could be seen as poking little holes into your privacy protection... for many one big reason they use Linux in the first place. But, the same is true for the Steam client itself. It also is a closed source binary, so itself should be run in a container as well.

I use firejail for that right now, but sadly some games don't like that and don't work anymore. It's just some of them. Would be awesome if Valve would make Steam run itself in a proper container that doesn't lead to problems with games.
Ardje 11 Nov, 2019
Quoting: Nevertheless
Flatpak is a container solution that installs programs into sandbox directories and isolates them from your system.
Flatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.
I don't know how steam flatpak is packaged though. With or without a request for containerizing.
Ardje 11 Nov, 2019
Quoting: Shmerl
Is it using lxc?
If you mean the kernel side of LXC, yes. Those are called namespaces and containergroups.
LXC is a userspace commandline interface to the kernel API.

For instance: you don't have to use LXC to set up a second separate IP stack with its own firewalling, all you need is to use ip (from iproute(2)).
poiuz 11 Nov, 2019
Quoting: Ardje
Flatpak does not sandbox applications *unless* the flatpak requests it. It would be interesting once it starts enforcing it.
I don't know how steam flatpak is packaged though. With or without a request for containerizing.
It's the other way around: Everything is sandboxed & the application requests (at install time) access to resources. By using Portals access can also be handled at runtime, but this is limited to the available portals:
Flatpak Sandboxes
Flatpak Sandbox Permissions

Steam requires a lot of access but not to the whole root- or home-folder (Steam Flatpak manifest).
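
The install-time permission model described in the comment above can be checked from the shell. The following is an added example, not part of the original thread or of Flatpak itself: it parses permission metadata in the keyfile format printed by `flatpak info --show-permissions <app-id>` and reports filesystem grants that expose the whole home directory or host filesystem. The two metadata samples and the function names `broad_grants` and `audit` are constructed for illustration and do not reproduce the real Steam manifest.

```shell
#!/bin/sh
# Audit Flatpak permission metadata (keyfile format, as printed by
# `flatpak info --show-permissions <app-id>`) for filesystem grants that
# expose the whole home directory ("home") or host filesystem ("host").

# Constructed sample metadata for illustration; not the real Steam manifest.
sample_confined='[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=xdg-music:ro;xdg-pictures:ro;~/.example-game-data;'

sample_broad='[Context]
shared=network;
filesystems=xdg-download;home:ro;!host;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

# broad_grants: read metadata on stdin and print each whole-home or
# whole-host grant, one per line. Entries starting with "!" are explicit
# denials and are skipped; :ro/:rw/:create suffixes are tolerated.
broad_grants() {
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && /^filesystems=/ {
            sub(/^filesystems=/, "")
            n = split($0, entries, ";")
            for (i = 1; i <= n; i++) {
                e = entries[i]
                if (e == "" || e ~ /^!/) continue
                base = e
                sub(/:(ro|rw|create)$/, "", base)
                if (base == "home" || base == "host") print e
            }
        }'
}

# audit: print a one-line verdict for metadata on stdin; return 1 if broad.
audit() {
    found=$(broad_grants | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "BROAD: $found"
        return 1
    fi
    echo "OK: no whole-home or whole-host filesystem grant"
}

printf '%s\n' "$sample_confined" | audit
printf '%s\n' "$sample_broad" | audit || true
```

On a machine with Flatpak installed, the same check can be fed live data with `flatpak info --show-permissions <app-id> | audit`.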