undefined | Better HN

0 pointsArnavion11y ago0 comments

Steam shouldn't run as its own user. It's a user-level process, not a system process. It needs to have user-specific things (install directory, save games, etc.) that need to be accessible to the person using it. Separating processes into users is only one method of sandboxing, and not appropriate in this case. Sandboxing via mechanisms like SELinux is the correct solution.

One of the users in the Github thread even mentions how SELinux prevented the same thing from happening on his machine.

0 comments

SolarNet11y ago

Yes you are of course correct about SELinux!

I actually separated Steam into a sand-boxed "steam" user account. But maybe that's because I learned Unix on BSD and never included SELinux or how to use it (and it isn't obvious from a desktop user accounts perspective), I should probably check that out.

digi_owl11y ago

SELinux seems like a case of hunting tweetie birds with 88s...

j / k navigate · click thread line to collapse