Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Steam doesn't work #26

Closed
Gabe6out opened this issue May 30, 2024 · 8 comments
Closed

Steam doesn't work #26

Gabe6out opened this issue May 30, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@Gabe6out
Copy link

Multiverse and steam just doesn't work. Steam gives the error "Steam now requires user namespaces to be enabled." I don't know how to enable that.
@Gabe6out Gabe6out added the bug Something isn't working label May 30, 2024
@ading2210
Copy link
Owner

This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?

@Maplecartography
Copy link

Same thing happened to me, the link you sent doesn't work, and i'm on octopus board. Any solution yet?

@OtterCodes101
Copy link
Contributor

image womp

@ading2210
Copy link
Owner

ading2210 commented Jun 6, 2024
edited
Loading

Recently I looked into this more, and it turns out the issue is actually the same one that prevents systemd (and flatpack) from working normally. The shim kernels do in fact have user namespaces enabled so that error message is incorrect.

When starting Steam, I get this in the console:

steam-runtime-check-requirements [6608]: W: Child process exited with code 1: bwrap: Failed to mount tmpfs: Operation not permitted

And this appears in the dmesg:

[ 3321.162242] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8474 cmdline="/usr/bin/bwrap --bind / / true"
[ 3321.162256] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3321.166470] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8476 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3321.166482] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.241389] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8482 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.241407] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.247861] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8485 cmdline="/usr/bin/bwrap --bind / / true"
[ 3334.247874] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.252786] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8488 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.252799] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6

So Steam is using a library called bwrap, which tries to mount a tmpfs with the exec flag in a new namespace. The shim kernel uses a Linux security module to block this sort of mount, which then causes bwrap to fail. Thus Steam isn't able to sandbox itself and fails to start.

@ading2210
Copy link
Owner

ading2210 commented Jun 8, 2024
edited
Loading

I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.

Try running this script:

#!/bin/bash

set -e

if [ ! "$HOME_DIR" ]; then
  sudo HOME_DIR="$HOME" $0 
  exit 0
fi

fix_perms() {
  local target_file="$1"
  chown root:root "$target_file"
  chmod u+s "$target_file"
}

fix_perms /usr/bin/bwrap

steam_bwraps="$(find "$HOME_DIR/.steam/" -name 'srt-bwrap')"
for bwrap_bin in $steam_bwraps; do
  cp /usr/bin/bwrap "$bwrap_bin"
  fix_perms "$bwrap_bin"
done

@OtterCodes101
Copy link
Contributor

you should add this to the README

@Gabe6out
Copy link
Author

This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?

tried it. Didn't work

@Gabe6out
Copy link
Author

I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.

Try running this script:

#!/bin/bash

set -e

if [ ! "$HOME_DIR" ]; then
  sudo HOME_DIR="$HOME" $0 
  exit 0
fi

fix_perms() {
  local target_file="$1"
  chown root:root "$target_file"
  chmod u+s "$target_file"
}

fix_perms /usr/bin/bwrap

steam_bwraps="$(find "$HOME_DIR/.steam/" -name 'srt-bwrap')"
for bwrap_bin in $steam_bwraps; do
  cp /usr/bin/bwrap "$bwrap_bin"
  fix_perms "$bwrap_bin"
done

Thanks

@ading2210 ading2210 pinned this issue Aug 25, 2024
@ading2210 ading2210 unpinned this issue Aug 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ading2210 @Maplecartography @OtterCodes101 @Gabe6out