Skip to content

steam-fhsenv: don't unshare pid #109466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 17, 2021
Merged

steam-fhsenv: don't unshare pid #109466

merged 2 commits into from
Jan 17, 2021
+7 −0

Conversation

jonringer
Copy link
Contributor

@jonringer jonringer commented Jan 15, 2021
edited
Loading

Motivation for this change

closes: #104412

Some applications such as Natron need access to MIT-SHM or other
shared memory mechanisms. Unsharing the pid namespace
breaks the ability for application to reference shared memory.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@jonringer
steam-fhsenv: don't unshare pid

Verified

This commit was signed with the committer’s verified signature. The key has expired.
cole-h Cole Helbling
GPG key ID: B37E0F2371016A4C
Expired
Verified
Learn about vigilant mode
f1b3f7a 
Some applications such as Natron need access to MIT-SHM or other
shared memory mechanisms. Unsharing the pid namespace
breaks the ability for application to reference shared memory.
@ofborg ofborg bot added 6.topic: steam Steam game store/launcher (store.steampowered.com) 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 15, 2021
@tobiasBora
Copy link
Contributor

To make it work with steam-run, we also need to put the unshareXXX code into the buildFhsUserEnv created in the passthru.run = buildFHSUserEnv. Also, does it make sense to copy all the unshare stuff, like unshare{User,Ipc,Pid,Net,Uts,CGroup}?

@jonringer
Copy link
Contributor Author

To make it work with steam-run, we also need to put the unshareXXX code into the buildFhsUserEnv

done

@tobiasBora
Copy link
Contributor

Thanks a lot, I can confirm it works. By the way, if you have any idea on how to make bubblewrap run packages that require fuse internally, I would be very happy to hear about it. This is used for example by some AppImages like LittleWeeb (and since appimage-run segfault on that image, I would have love to see if steam-run could get anything better). But anyway, I guess it's a different topic, this PR can be merged independently. Thanks again.

@jonringer
Copy link
Contributor Author

jonringer commented Jan 17, 2021
edited
Loading

My assumption is that using a new user space is breaking file IO, but would need to run an strace to know for sure

$ ./result/bin/bwrap --help
...
    --unshare-user               Create new user namespace (may be automatically implied if not setuid)
    --unshare-user-try           Create new user namespace if possible else continue by skipping it
    --unshare-ipc                Create new ipc namespace
    --unshare-pid                Create new pid namespace
    --unshare-net                Create new network namespace
    --unshare-uts                Create new uts namespace
    --unshare-cgroup             Create new cgroup namespace

@jonringer
Copy link
Contributor Author

anyway, was able to launch steam and csgo with changes

@jonringer jonringer merged commit c44acaa into NixOS:master Jan 17, 2021
@jonringer jonringer deleted the steam-unshare-pid branch January 17, 2021 00:55
@soupglasses soupglasses mentioned this pull request Oct 13, 2022
Closed
LunNova added a commit to LunNova/nixpkgs that referenced this pull request Oct 29, 2022
@LunNova
lutris: set unshareIpc and unsharePid to false
28244d4 
This copies a workaround required for steam, as the same issue occurs in lutris.

See NixOS#109466

Fixes battle.net client crashing on startup and overwatch crashing.

Fixes NixOS#195126
@LunNova LunNova mentioned this pull request Oct 29, 2022
Merged
13 tasks
jonringer pushed a commit that referenced this pull request Oct 31, 2022
@LunNova
lutris: set unshareIpc and unsharePid to false
07912c4 
This copies a workaround required for steam, as the same issue occurs in lutris.

See #109466

Fixes battle.net client crashing on startup and overwatch crashing.

Fixes #195126
@SebTM SebTM mentioned this pull request Feb 3, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: steam Steam game store/launcher (store.steampowered.com) 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Steam-run: can't use MIT shared memory
2 participants
@jonringer @tobiasBora