Steam wont launch in firejail using Sea Island GPU(AMD) with vulkan(RADV) support enabled #4237
Comments
|
Duplicate of #3219? At least vlc yes. fix vlc with this and try this for steam |
This did work to fix vlc by creating a firejail folder in /home/username/.config/firejail and then adding a vlc.local to there. adding seccomp !kcmp to the vlc.profile(or vlc.local) located in /etc/firejail did not work. Odd, but whatever
I assume you meant This did not enable steam to work. I also tried Perhaps there is a feature of firejail that is recognizing the fact I am loading the 'wrong' driver for this card and sees that as some sort of security breach? |
|
Is anything relevant in the syslog? If not, try |
|
Ok, looking it over more it seems it wasn't reading steam.local because when I commented out seccomp it had no effect. Deleting steam.local and commenting out seccomp in steam.profile did enable steam to work again. This was the only comment I made in the file. My syslog shows this error when trying to run steam with seccomp enabled. following the seccomp guide found here https://firejail.wordpress.com/documentation-2/seccomp-guide/ I tried running I tried I take it my syntax is wrong? |
|
Also, my debian installation is amd64 but steam is 32 bit and I have the i386 architecture enabled to use it. I see syscall 349 is for i386 so maybe the issue is firejail cant reference the i386 architecture on an amd64 install? I could be blowing smoke but it could be relevant so I figured I would add it incase someone wasn't aware of this about steam. |
|
You can try but IDK if this works. If not use |
|
This works only with separate lines for the 32bit syscall and the 64 bit syscall being split. I guess vlc for debian is 32 bit? And/or this is only a problem if there need to be 64 bit and 32 bit exceptions? It might be worth updating the manpage to mention that seccomp.32 is an option when there is split 64bit and 32bit usage, or maybe this is something that can be fixed internally to firejail. Ill keep testing to see if there are other issues. |
|
There are some other issues with games within Steam but overall the initial problem I cited is fixed so I will close this and diagnose the game issues on a case by case basis. Thanks |
Thanks for taking the time to read this I tried to fill it out as best I can. I really apprieciate firejail compared to the other container options so many thanks to everyone that puts the time into this project
Bug and expected behavior
Launching
firejail steamusing radeon driver works fine starting steam. However, graphics performance is poor in many games on a Radeon R9 390(Hawaii) using this driver. Performance is also poor with the radeon driver while not using firejail notably when playing games meant for Windows but also many games built or ported to linux as native programs.Vulkan(RADV) drivers are enabled via a change to the grub2 config file via editing /etc/default/grub to include:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash **radeon.cik_support=0 amdgpu.cik_support=1**"This changes the driver from radeon to amdgpu
Valve suggests enabling Vulkan driver support for this card which works great in non firejailed steam. Firejailed steam does not load yielding a multitude of warnings although the predominant one is:
Could not connect to X session manager: None of the authentication protocols specified are supportedit then begins to install a breakpad exception handler over and over again.
If I switch back to the radeon driver by removing the radeon.cik_support=0 amdgpu.cik_support=1 steam will load in a firejail and operate fine but its not very useful.
Steam to start up and run correctly in a firejail and games will use the RADV driver so that they are playable. Similar to when I run steam with this configuration without using firejail.
No profile and disabling firejail
firejail --noprofile /path/to/programin a terminal?Calling
firejail --noprofile steamdoes boot steam with amdgpu(RADV) enabled(the desired outcome). There are still many errors forCould not connect to X session manager: None of the authentication protocols specified are supported. This does not seem to affect anythingfirejail --listshows a jailed instance of SteamGames appear to work fine.
/usr/bin/vlc)?There is no steam referenced in /usr/bin
Environment
lsb_release -a,screenfetchorcat /etc/os-release)lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux bullseye/sid Release: testing Codename: bullseyeI am running Gnome with GDM on wayland.
This also occurs using Gnome/GDM/x11, Gnome/LightDM/wayland, Gnome/LightDM/x11, and LXDE.
firejail --version) exclusive or used git commit (git rev-parse HEAD)`firejail --version
firejail version 0.9.64.4
Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-cache and tmpfs as user enabled
- SELinux support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled`
Additional context
Other context about the problem like related errors to understand the problem.
A similar issue happens with VLC in firejail that is probably related. With amdgpu enabled
firejail vlcwill appear to load a file but not actually play any video or audio. Both the steam problem and the vlc problem goes away in a firejail by switching back to radeon drivers so I think solving one problem will help solve the other problem.Checklist
The profile (and redirect profile if exists) hasn't already been fixed upstream.
no
The program has a profile. (If not, request one in
https://github.com/netblue30/firejail/issues/1139)there is a steam.profile
I have performed a short search for similar issues (to avoid opening a duplicate).
From what I can tell this may only affect a "sea island" card running linux trying to use vulkan drivers on current AAA games. I have not found any other issue about this
If it is a AppImage,
--profile=PROFILENAMEis used to set the right profile.not an appimage
Used
LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAMto get english error-messages.I hope this is all in english
I'm aware of
browser-allow-drm yes/browser-disable-u2f noinfirejail.configto allow DRM/U2F in browsers.sure
This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.
debug output
The text was updated successfully, but these errors were encountered: