Good Evening:
Recently I decided to containerize my Steam instance by way of Simos’ great how-to. I had to do some fiddling to get audio to work, but I got it working (long story short, Steam cannot be run as root and I could not get access to the pulseaudio socket without elevated privileges). The workaround is to have a regular user launch steam via script from within the container:
#!/bin/bash
export PULSE_SERVER="unix:/home/ubuntu/pulse-native" &&
steam
Anywho, that seemed to work until I ran into another problem: I could not launch any games that relied on Proton. A little research showed a common error no matter what game I attempted to launch:
bwrap: Failed to make / slave: Permission denied
My first thought was that this was a privilege issue. So I decided to turn my previously unprivileged container into a privileged container via:
lxc config set steam security.nesting true
Voilà! Everything works now. However, now I am itchy. I am itchy because I know a privileged container is far less secure than an unprivileged container. I decided to containerize Steam because I know it is a very large security target.
So my question is this: is there a way I could have achieved the same results without sacrificing security?
Thank you!
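
Added example, not part of the original post: a shell check that reports `security.privileged` and `security.nesting` separately from `lxc config show`-style output, and reads a `/proc/self/uid_map`-style table to see whether root inside the container is remapped to an unprivileged host ID. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/bash
# Added example: tell a privileged LXD container from an unprivileged one.
# All sample inputs below are constructed, not captured from a real host.

# Reads uid_map lines (inside-id, outside-id, length) on stdin.
# If container root (inside id 0) maps to host id 0 there is no user-namespace
# remapping, which is what a privileged container looks like.
classify_uid_map() {
    awk '$1 == 0 { print ($2 == 0 ? "privileged" : "unprivileged"); found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Reads "key: value" lines in the style of `lxc config show <name>` on stdin.
# security.privileged and security.nesting are separate keys; an unset
# security.privileged is treated as false (the LXD default).
classify_config() {
    awk -F': *' '
        { gsub(/^[ \t]+|"/, "") }   # strip indentation and YAML quotes
        $1 == "security.privileged" { priv = $2 }
        $1 == "security.nesting"    { nest = $2 }
        END {
            printf "%s", (priv == "true" ? "privileged" : "unprivileged")
            print (nest == "true" ? "+nesting" : "")
        }'
}

# Constructed samples: a remapped container, an unmapped (host-like) table,
# and a config fragment with only security.nesting set.
SAMPLE_UNPRIV_MAP='         0    1000000 1000000000'
SAMPLE_HOST_MAP='         0          0 4294967295'
SAMPLE_CONFIG='config:
  image.os: ubuntu
  security.nesting: "true"'

printf '%s\n' "$SAMPLE_UNPRIV_MAP" | classify_uid_map
printf '%s\n' "$SAMPLE_HOST_MAP"   | classify_uid_map
printf '%s\n' "$SAMPLE_CONFIG"     | classify_config
```

Inside the container, `classify_uid_map < /proc/self/uid_map` gives the live answer; on the host, pipe `lxc config show steam` into `classify_config`.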