ading2210 / shimboot

Boot a desktop Linux distribution from a Chrome OS RMA shim.
https://shimboot.ading.dev
GNU General Public License v3.0

Steam doesn't work #26

Closed Gabe6out closed 3 months ago

Gabe6out commented 4 months ago

Multiverse and Steam just don't work. Steam gives the error "Steam now requires user namespaces to be enabled." I don't know how to enable that.

ading2210 commented 4 months ago

This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?

Maplecartography commented 4 months ago

Same thing happened to me. The link you sent doesn't work, and I'm on the octopus board. Any solution yet?

OtterCodes101 commented 4 months ago

womp

ading2210 commented 3 months ago

Recently I looked into this more, and it turns out the issue is actually the same one that prevents systemd (and Flatpak) from working normally. The shim kernels do in fact have user namespaces enabled, so that error message is incorrect.

When starting Steam, I get this in the console:

steam-runtime-check-requirements [6608]: W: Child process exited with code 1: bwrap: Failed to mount tmpfs: Operation not permitted

And this appears in the dmesg:

[ 3321.162242] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8474 cmdline="/usr/bin/bwrap --bind / / true"
[ 3321.162256] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3321.166470] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8476 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3321.166482] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.241389] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8482 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.241407] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.247861] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8485 cmdline="/usr/bin/bwrap --bind / / true"
[ 3334.247874] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.252786] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8488 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.252799] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6

So Steam is using a library called bwrap, which tries to mount a tmpfs with the exec flag in a new namespace. The shim kernel uses a Linux security module to block this sort of mount, which then causes bwrap to fail. Thus Steam isn't able to sandbox itself and fails to start.
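
Added example, not part of the original comment or of the shimboot project: a small Python parser that pairs each Chromium OS LSM `sb_mount` denial with its detail line and decodes the `flags` word using the MS_* bits from `<linux/mount.h>`. The two sample pairs are copied from the dmesg output above; the function names are chosen here for illustration.

```python
import re
from collections import Counter

# Mount flag bits as defined in <linux/mount.h>.
MS_FLAGS = {0x1: "ro", 0x2: "nosuid", 0x4: "nodev", 0x8: "noexec"}
MS_NOEXEC = 0x8

# Two denial/detail pairs copied from the dmesg output in the comment above.
SAMPLE = """\
[ 3321.162242] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8474 cmdline="/usr/bin/bwrap --bind / / true"
[ 3321.162256] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3321.166470] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8476 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3321.166482] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
"""

DENIAL = re.compile(
    r'^\[\s*(?P<ts>[\d.]+)\] Chromium OS LSM: sb_mount (?P<reason>.+?) '
    r'obj="(?P<obj>[^"]*)" pid=(?P<pid>\d+) cmdline="(?P<cmdline>[^"]*)"')
DETAIL = re.compile(
    r'^\[\s*[\d.]+\] Chromium OS LSM: sb_mount '
    r'dev=(?P<dev>\S+) type=(?P<fstype>\S+) flags=(?P<flags>0x[0-9a-fA-F]+)')

def decode_flags(value):
    """Return the names of the MS_* bits set in a mount flags word."""
    return [name for bit, name in sorted(MS_FLAGS.items()) if value & bit]

def parse_denials(text):
    """Pair each sb_mount denial with the detail line that follows it."""
    events, pending = [], None
    for line in text.splitlines():
        denial, detail = DENIAL.match(line), DETAIL.match(line)
        if denial:
            argv = denial["cmdline"].split() or [""]
            pending = {"ts": float(denial["ts"]), "pid": int(denial["pid"]),
                       "obj": denial["obj"], "exe": argv[0],
                       "reason": denial["reason"]}
            events.append(pending)
        elif detail and pending is not None:
            flags = int(detail["flags"], 16)
            pending.update(fstype=detail["fstype"], flags=decode_flags(flags),
                           noexec=bool(flags & MS_NOEXEC))
            pending = None
    return events

def blocked_binaries(events):
    """Count denials per executable, to see which binaries the LSM blocks."""
    return Counter(event["exe"] for event in events)

if __name__ == "__main__":
    for event in parse_denials(SAMPLE):
        print(event["pid"], event["exe"], event.get("fstype"), event.get("flags"))
```

For these lines, `flags=0x6` decodes to `nosuid` and `nodev` with the `noexec` bit clear, which is consistent with the message's reference to the 'exec' flag.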

ading2210 commented 3 months ago

I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.

Try running this script:

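#!/bin/bash

# Exit on the first failed command, including failures inside a pipeline.
set -eo pipefail

# Re-run this script as root, passing the invoking user's home directory along.
if [ ! "$HOME_DIR" ]; then
  sudo HOME_DIR="$HOME" "$0"
  exit 0
fi

# Make the file owned by root and set its setuid bit.
fix_perms() {
  local target_file="$1"
  chown root:root "$target_file"
  chmod u+s "$target_file"
}

fix_perms /usr/bin/bwrap

# Replace each srt-bwrap copy bundled with Steam with the system bwrap.
# NUL-delimited output keeps paths containing spaces intact.
find "$HOME_DIR/.steam/" -name 'srt-bwrap' -print0 |
  while IFS= read -r -d '' bwrap_bin; do
    cp /usr/bin/bwrap "$bwrap_bin"
    fix_perms "$bwrap_bin"
  done

OtterCodes101 commented 3 months ago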

You should add this to the README.

Gabe6out commented 1 month ago

> This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?

Tried it. Didn't work.

Gabe6out commented 1 month ago

> I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.

Thanks