Closed Gabe6out closed 3 months ago
This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?
Same thing happened to me, the link you sent doesn't work, and i'm on octopus board. Any solution yet?
womp
Recently I looked into this more, and it turns out the issue is actually the same one that prevents systemd (and flatpack) from working normally. The shim kernels do in fact have user namespaces enabled so that error message is incorrect.
When starting Steam, I get this in the console:
steam-runtime-check-requirements [6608]: W: Child process exited with code 1: bwrap: Failed to mount tmpfs: Operation not permitted
And this appears in the dmesg:
[ 3321.162242] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8474 cmdline="/usr/bin/bwrap --bind / / true"
[ 3321.162256] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3321.166470] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8476 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3321.166482] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.241389] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8482 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.241407] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.247861] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8485 cmdline="/usr/bin/bwrap --bind / / true"
[ 3334.247874] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
[ 3334.252786] Chromium OS LSM: sb_mount Mounting a filesystem with 'exec' flag requires CAP_SYS_ADMIN in init ns obj="/tmp" pid=8488 cmdline="/home/allen/.steam/debian-installation/ubuntu12_64/steam-runtime-sniper/pressure-vessel/libexec/steam-runtime-tools-0/srt-bwrap --bind / / true"
[ 3334.252799] Chromium OS LSM: sb_mount dev=tmpfs type=tmpfs flags=0x6
So Steam is using a library called bwrap, which tries to mount a tmpfs with the exec
flag in a new namespace. The shim kernel uses a Linux security module to block this sort of mount, which then causes bwrap to fail. Thus Steam isn't able to sandbox itself and fails to start.
I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.
Try running this script:
#!/bin/bash
set -e
if [ ! "$HOME_DIR" ]; then
sudo HOME_DIR="$HOME" $0
exit 0
fi
fix_perms() {
local target_file="$1"
chown root:root "$target_file"
chmod u+s "$target_file"
}
fix_perms /usr/bin/bwrap
steam_bwraps="$(find "$HOME_DIR/.steam/" -name 'srt-bwrap')"
for bwrap_bin in $steam_bwraps; do
cp /usr/bin/bwrap "$bwrap_bin"
fix_perms "$bwrap_bin"
done
you should add this to the README
This seems to be a new requirement from Steam that the shim kernels might not have by default. Can you check to see if https://superuser.com/a/1122977 works for you? Also, what board are you on?
tried it. Didn't work
I got Steam running on my own Chromebook by granting the suid permission to the bwrap binaries in Steam.
Try running this script:
#!/bin/bash set -e if [ ! "$HOME_DIR" ]; then sudo HOME_DIR="$HOME" $0 exit 0 fi fix_perms() { local target_file="$1" chown root:root "$target_file" chmod u+s "$target_file" } fix_perms /usr/bin/bwrap steam_bwraps="$(find "$HOME_DIR/.steam/" -name 'srt-bwrap')" for bwrap_bin in $steam_bwraps; do cp /usr/bin/bwrap "$bwrap_bin" fix_perms "$bwrap_bin" done
Thanks
Multiverse and steam just doesn't work. Steam gives the error "Steam now requires user namespaces to be enabled." I don't know how to enable that.