this post was submitted on 28 Oct 2024
38 points (93.2% liked)

Linux Gaming

15887 readers
6 users here now

Gaming on the GNU/Linux operating system.

Recommended news sources:

Related chat:

Related Communities:

Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.

founded 4 years ago
MODERATORS
 

Is there a consensus on how to run Steam and games isolated from the main system? I've seen Flatpak mentioned in some Reddit post but I'm not sure how good the separation is. Everything about Flatpak sounds like an early work in progress, but I can be convinced otherwise.

I don't trust Steam or the closed source games at all. Currently I've got a second disk with a separate system for gaming, but I very rarely have the motivation to reboot. I want to game more (and spend less time on social media) but compromising my main OS is out of the question. Stuff in the home directory should be isolated from the games. Ideally no network access too, but Steam will not work in that case.

If someone has seen a ready made guide I'd be happy to read it. Any tips would be nice too.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 9 points 3 weeks ago (1 children)

Since games don't have to run with more than user privileges and steam runs in flatpak, you could run them as a different user account with very limited permissions.

That said, flatpak should be pretty secure as far as I'm aware if you make sure that permissions for the apps running are restricted appropriately. I'm not sure how restricted you can make steam and still have it work though

You can use offline mode for steam if you're okay with steam having internet but not games. But there's no way to use steam entirely offline. Internet access is a fundamental part of the system they have.

There's also a question of what your threat model is. Like are you trying to prevent causal access of your files by games, or like a sophisticated attempt to compromise the system conveyed through a game. For the former flatpak seems sufficient. For the latter you probably need a dedicated machine. And there's varying levels in between

[โ€“] [email protected] 3 points 3 weeks ago

I doubt the potentially malicious games will have code sophisticated enough to bypass a sandbox, just because majority of users don't have a sandbox for them, and I'm not paranoid enough to fear targeted attacks. Other than that, the game shouldn't have access to my home directory or network.