netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

steam: whitelisting may cause data loss in multiple games (config, saves, screenshots, etc) #4906

Open jose1711 opened 2 years ago

jose1711 commented 2 years ago

Description

We are already unblacklisting/whitelisting quite a few games, but there may be a lot missing, and keeping up with changes may be sustainable.

Steps to Reproduce

  1. Run Steam client
  2. Play a (new?) game not covered by an existing noblacklist/whitelist set
  3. Realize the next day that the game data has not been saved to disk

One such example would be Road Redemption which uses ${HOME}/Road Redemption. We could add it manually to steam.profile but a long-term/more dynamic solution would be needed (IMHO).
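
As an added example (not part of this issue or of firejail's own code): a small POSIX sh check that reports which game data directories a whitelist-style profile leaves outside the sandbox, so writes to them are lost when the sandbox exits. The profile excerpt and the home path are constructed; the check expands only `${HOME}` and does not follow `include` lines.

```shell
#!/bin/sh
# Added example, not firejail code. Lists game data directories that a
# whitelist-style profile does not cover. Assumptions: only "whitelist" lines
# count, "include" lines are not followed, ${HOME} is the only macro expanded.

SANDBOX_HOME=/home/alice   # constructed; use "$HOME" for a real check

# Constructed excerpt of a whitelist-style steam.profile.
SAMPLE_PROFILE='whitelist ${HOME}/.steam
whitelist ${HOME}/.local/share/Steam
whitelist ${HOME}/.config/unity3d
'

# is_whitelisted PROFILE_TEXT PATH: exit 0 if PATH is, or is under, an entry.
is_whitelisted() {
    target=$2
    while IFS= read -r line; do
        case "$line" in
            "whitelist "*) ;;
            *) continue ;;
        esac
        entry=${line#"whitelist "}
        # expand the ${HOME} macro to the sandboxed user's home
        case "$entry" in
            '${HOME}'*) entry="$SANDBOX_HOME${entry#'${HOME}'}" ;;
        esac
        case "$target" in
            "$entry"|"$entry"/*) return 0 ;;
        esac
    done <<EOF
$1
EOF
    return 1
}

# uncovered PROFILE_TEXT PATH...: print each path the profile does not cover.
uncovered() {
    profile=$1; shift
    for p in "$@"; do
        is_whitelisted "$profile" "$p" || printf '%s\n' "$p"
    done
}

# Road Redemption writes to ${HOME}/Road Redemption (from the issue); it is not
# whitelisted, so its saves never reach the real disk.
uncovered "$SAMPLE_PROFILE" \
    "$SANDBOX_HOME/.local/share/Steam/steamapps" \
    "$SANDBOX_HOME/Road Redemption" \
    "$SANDBOX_HOME/.config/unity3d/SomeStudio"
```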

SkewedZeppelin commented 2 years ago

Yes, I originally brought this up as a negative to switching steam.profile to whitelist. Can be very annoying.

edit: see #3292

netblue30 commented 2 years ago

What if we revert it back to a regular blacklisted profile?

We have at least 10 games hardcoded in the steam profile, with directories all over ~/.config and ~/.local/share. We clean up disable-programs.inc, then grab the old steam blacklisted profile and fix it. We just have to find when the whitelisting was put in.

netblue30 commented 2 years ago

I'll attempt a full rewrite of steam profile, and I'll ask you guys to test it - I don't have steam here.

nutta-git commented 10 months ago

I do not know what I am talking about, take this with a grain of salt.

Would a GUI be useful? An application is given a default profile, but any further access prompts the user via a GUI asking for permission (notification).

Without a GUI: Currently

  1. User sets steam with the default firejail permission (steam.profile).
  2. User plays a game not covered under steam.profile and firejail silently voids access to resources.
  3. Game can't save/perform, poor user experience.

With a GUI:

  1. User sets steam with the default firejail permission (steam.profile).
  2. User plays a game not covered under steam.profile and firejail requests the user's permission for resources.
  3. Game works, improved user experience.

The granted permission can persist only during that session or it can permanently persist.

I can see some downsides to this:

  1. Firejail is currently a CLI application and a GUI application "won't be in the spirit" of the project.
  2. The GUI application has to be maintained.
  3. GUI generated rules have to be tagged for logging and debugging.
  4. An application can abuse the human role: if a user doesn't fully understand the resources they are granting, it could open a potential security hole.
  5. The scope of the permission an application is requesting: how could Firejail know if an application needs access to the whole folder or just a specific one within a folder?

Possible Solutions:

For Downside 4: The rules within the default profile are non-negotiable, meaning if a game in steam.profile wanted to access ~/Documents, but steam.profile contained a rule that prevented this access, then the GUI will NOT prompt a notification and the request is silently voided.

For Downside 5: The user is allowed to edit the rules found in the GUI. When the GUI prompts a resource request, the user has the ability to define the rule. Example: the application asks for access to ~/Documents, but the user can edit the request and override it to ~/Documents/Specific_FileorFolder.

These were my thoughts on a solution. I am pretty sure there are more downsides, but these were the only things I could come up with.