containers and steam
play

Containers and Steam Putting games under pressure Simon McVittie - PowerPoint PPT Presentation

Aug 21, 2023 •391 likes •592 views

Containers and Steam Putting games under pressure Simon McVittie smcv@collabora.com smcv@debian.org 2020-02-01 1 Introduction Steam is Valve's app-store for games on Windows, Mac, SteamOS and generic Linux I'm a consultant at

  1. Containers and Steam Putting games under pressure Simon McVittie smcv@collabora.com smcv@debian.org 2020-02-01 1

  2. Introduction Steam is Valve's app-store for games on Windows, Mac, SteamOS and ● generic Linux I'm a consultant at Collabora, helping Valve with the Steam Runtime ● People who have bought a game expect it to work ● There's no useful ABI baseline for how we make it work ● except maybe the LSB, but nobody actually uses that – 2

  3. The Steam Runtime, circa 2013 Steam Runtime 1 'scout', based on Ubuntu 12.04 LTS 'precise' ● 3

  4. The Steam Runtime, circa 2013 Bundle all the things! ● Except for glibc and the graphics driver – Steam Runtime 1 'scout', based on Ubuntu 12.04 LTS 'precise' ● LD_LIBRARY_PATH=/path/to/lib ● It worked! ● But not for long – 4

  5. Graphics drivers are hard Open-source drivers (Mesa) ● We need to use dependencies at least as new as the distribution – New GPUs need a new Mesa – New kernels work best with a new Mesa – Proprietary NVIDIA drivers, and historically others ● Must be in lockstep with the kernel module – 5

  6. glibc is also hard /lib/ld-linux.so.2 is hard-coded into every i386 dynamic binary ● /lib64/ld-linux-x86-64.so.2 is hard-coded into every x86_64 dynamic binary ● If ld.so doesn't match libdl.so.2, bad things happen ● If libdl.so.2 doesn't match libc.so.6, bad things happen ● If libc.so.6 doesn't match libpthread.so.0, you get the idea ● So the Steam Runtime cannot include glibc ● 6

  7. The Steam Runtime, circa 2018 What if we use more host-system libraries in the container? ● 7

  8. The Steam Runtime, circa 2018 Still bundle all the things! ● Except for glibc and the graphics driver – Steam Runtime 1 'scout', based on Ubuntu 12.04 LTS 'precise' ● LD_LIBRARY_PATH again ● Find all the system libraries that are newer than ours and put them first ● It works, except when it doesn't ● Comparing versions is not as obvious as you might think – libcurl.so.4 has a different ABI in different distributions – OpenSSL is always troublesome – Game vendors accidentally add dependencies from outside the Runtime ● 8

  9. pressure-vessel Put each game in a container, using bubblewrap ● 9

  10. pressure-vessel Put each game in a container, using bubblewrap ● Lots of code recycled from Flatpak – Graphics drivers (and maybe dependencies) from the host system ● We wish we didn't have to – Container's /usr is a very strict 'scout' environment ● Good for QA: if it works here, it should work anywhere – But: dependencies outside the runtime? No game for you – Experimental side-benefit: separate $HOME per-game ● Currently breaks Cloud Auto-Sync and Steam Workshop – Not a security boundary ● Would be nice, but not a priority right now – 10

  11. Meanwhile, in the community... 11

  12. Steam, as an unofficial Flatpak app Put the entire Steam client in a container, along with all games ● 12

  13. Steam, the unofficial Flatpak app Put the entire Steam client in a container ● Container's /usr is the freedesktop.org Flatpak runtime ● Games are in the same container ● … inside the (2018 edition) Steam Runtime – Is a security boundary ● At least, a weak one – X11 is hard to sandbox – Graphics drivers and glibc from the Flatpak runtime ● Libraries from the Flatpak runtime or the Steam Runtime, whichever is newer ● Goes to heroic efforts to work around broken games ● 13

  14. Flatpak with pressure-vessel inside? Sadly, not possible for technical and security reasons ● If unprivileged users can't create a userns (e.g. Debian), to make setuid – bubblewrap safe, it has to relinquish privileges Flatpak doesn't want apps to be able to make arbitrary containers anyway, – so that portals can identify sandboxed processes by /proc/PID/root/.flatpak-info 14

  15. The future? Old games need to keep working ● Even with new distributions, GPUs, graphics drivers – Even though old runtimes can't compile new graphics drivers – New games need new runtimes ● Ubuntu 12.04 is many things but new is not one of them – New games need to keep working too ● Games that work on Debian 10 won't necessarily work on Debian 15 – 15

  16. Future: games in newer runtimes? pressure-vessel decouples the Steam client's runtime from the game's ● 16

  17. Future: scout inside a newer container runtime? For older games that accidentally depend on post-2012 libraries ● 17

  18. Flatpak with a parallel scout container? Requires Flatpak and bubblewrap feature development ● PID namespace currently breaks Steam's tracking of running games ● IPC 18

  19. Containers and Steam Any questions? https://github.com/ValveSoftware/steam-runtime https://repo.steampowered.com/ https://www.collabora.com/ 20

Recommend

STEAM Parent Meetings What is STEAM? The STEAM school will give the students the opportunity to

STEAM Parent Meetings What is STEAM? The STEAM school will give the students the opportunity to

STEAM Parent Meetings What is STEAM? The STEAM school will give the students the opportunity to learn through a project based learning ( PBL ) approach with a focus on (S)cience, (T)echnology, (E)ngineering, (A)rts, and (M) athematics. PBL gives

362 views • 14 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
PRESENTATION OVERVIEW How is Steam growing? Developer Tool Improvements Community Expansion The

PRESENTATION OVERVIEW How is Steam growing? Developer Tool Improvements Community Expansion The

STEAM BUSINESS UPDATE PRESENTATION OVERVIEW How is Steam growing? Developer Tool Improvements Community Expansion The Steam Universe is Expanding HOW IS STEAM GROWING? HOW IS STEAM GROWING? WORLDWIDE MARKETPLACE 75 Million Active Users 7.5

510 views • 27 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
What is LATIC? Learner-Active, Technology-Infused Classroom (LATIC) is a learning method unique to

What is LATIC? Learner-Active, Technology-Infused Classroom (LATIC) is a learning method unique to

STEAM Parent Open House at 6-7PM in the HS East Student Center The STEAM Academy is the STEAM Contact Information integration of science, technology, engineering, arts and math using a school within a school approach. STEAM Academy Students

213 views • 3 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
STEAM FLOW METER THERMAX LIMITED C&H, SERVICES SBU MONITORING IS THE FIRST STEP TO SAVING

STEAM FLOW METER THERMAX LIMITED C&H, SERVICES SBU MONITORING IS THE FIRST STEP TO SAVING

ORIFICE TYPE STEAM FLOW METER THERMAX LIMITED C&H, SERVICES SBU MONITORING IS THE FIRST STEP TO SAVING MONEY Steam measurement objectives To ensure steam generated by the boiler fulfils its design norms To establish steam

600 views • 13 slides
LAGUNA AND NAVAJOS JOURNEY TO STEAM ACCREDITATION PRESENTED BY TEACHING AND LEARNING MAY 5,

LAGUNA AND NAVAJOS JOURNEY TO STEAM ACCREDITATION PRESENTED BY TEACHING AND LEARNING MAY 5,

FULL STEAM AHEAD: LAGUNA AND NAVAJOS JOURNEY TO STEAM ACCREDITATION PRESENTED BY TEACHING AND LEARNING MAY 5, 2020 1 Defining STEAM Laguna Navajo STEAM is an inquiry-based At Navajo , STEAM is approach to learning that

682 views • 12 slides
STEAM Baldwin Schools Board of Education Presentation March 13, 2019 What is STEAM and the

STEAM Baldwin Schools Board of Education Presentation March 13, 2019 What is STEAM and the

STEAM Baldwin Schools Board of Education Presentation March 13, 2019 What is STEAM and the Next Generation Science Standards? STEAM is an educational approach to learning that uses Science, Technology, Engineering, the Arts and Mathematics

520 views • 12 slides
Water, Steam, and Ice Water is common above 32 F (0 C) Steam is common at high

Water, Steam, and Ice Water is common above 32 F (0 C) Steam is common at high

Water, Steam, and Ice 1 Water, Steam, and Ice 2 Observations about Water, Steam, and Ice Water has three forms or phases Ice is common below 32 F (0 C) Water, Steam, and Ice Water is common above 32 F (0 C) Steam is

444 views • 3 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
SUMMER STEAM 2017 WELCOME NEW FACULTY & STAFF September, 2017 Dr. Judy Stewart

SUMMER STEAM 2017 WELCOME NEW FACULTY & STAFF September, 2017 Dr. Judy Stewart

SUMMER STEAM 2017 WELCOME NEW FACULTY & STAFF September, 2017 Dr. Judy Stewart President/CEO, VA STEAM SUMMER STEAM 2017 Mission : To nurture future generations of creative, ethical, and imaginative STEAM leaders who understand and

464 views • 24 slides
Welcome to the March PSCC Meeting Please help yourself to food!!! STEAM Presentation Jennie

Welcome to the March PSCC Meeting Please help yourself to food!!! STEAM Presentation Jennie

Welcome to the March PSCC Meeting Please help yourself to food!!! STEAM Presentation Jennie Canning, Lead STEAM Teacher at Brashear STEAM Presentation Ms. Canning presented a powerpoint about our STEAM program here at Brashear. We showed

343 views • 10 slides
Car Wash Steam System with LPG as fuel Advantages Traditional System vs Ultragaz Car Wash Steam

Car Wash Steam System with LPG as fuel Advantages Traditional System vs Ultragaz Car Wash Steam

Car Wash Steam System with LPG as fuel Advantages Traditional System vs Ultragaz Car Wash Steam System Water Operational consumption Chemicals Manpower costs High pressure water wash Car Wash Steam System Car Wash Steam System

357 views • 12 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
FULL STEAM AHEAD A D O D E A G R A N T A W A R D E D T O S I E R R A S A N D S U N I F I E

FULL STEAM AHEAD A D O D E A G R A N T A W A R D E D T O S I E R R A S A N D S U N I F I E

FULL STEAM AHEAD A D O D E A G R A N T A W A R D E D T O S I E R R A S A N D S U N I F I E D 2 0 1 7 - 2 0 2 2 Sierra Sands USDs Full STEAM Ahead for Middle School Military Connected Students project revitalizes and reimagines

191 views • 6 slides
PAUL JACKSON ESQ., OBE DOVETAIL GAMES 100% STEAM. HOW DOVETAIL GAMES STEAM-ONLY POLICY HAS

PAUL JACKSON ESQ., OBE DOVETAIL GAMES 100% STEAM. HOW DOVETAIL GAMES STEAM-ONLY POLICY HAS

PAUL JACKSON ESQ., OBE DOVETAIL GAMES 100% STEAM. HOW DOVETAIL GAMES STEAM-ONLY POLICY HAS BUILT THE FOUNDATION FOR A NEW TYPE OF VIDEOGAME BUSINESS Formed as Railsimulator.com in 2009 Developer and publisher of the Worlds #1

645 views • 20 slides
H-Flex Steam Liner Flexitank Heating Method Introduction What is is H-Fle lex Steam Liner?

H-Flex Steam Liner Flexitank Heating Method Introduction What is is H-Fle lex Steam Liner?

H-Flex Steam Liner Flexitank Heating Method Introduction What is is H-Fle lex Steam Liner? Patented by LiquA, H-Flex Steam Liner is the first and only, flexitank total heating system in the industry. The old heater pad technology is left

135 views • 11 slides
STEAM ENGINES: A THOROUGH AND PRACTICAL PRESENTATION OF MODERN STEAM ENGINE PRACTICE Download

STEAM ENGINES: A THOROUGH AND PRACTICAL PRESENTATION OF MODERN STEAM ENGINE PRACTICE Download

STEAM ENGINES: A THOROUGH AND PRACTICAL PRESENTATION OF MODERN STEAM ENGINE PRACTICE Download Free Author: Anonymous Number of Pages: 186 pages Published Date: 14 Nov 2013 Publisher: Nabu Press Publication Country: United States Language:

120 views • 9 slides
Water, Steam, and Ice the temperatures of the ice and the water compare? The ice is colder than

Water, Steam, and Ice the temperatures of the ice and the water compare? The ice is colder than

Water, Steam, and Ice 1 Water, Steam, and Ice 2 Introductory Question A glass of ice water contains both ice and water. After a few minutes of settling, how do Water, Steam, and Ice the temperatures of the ice and the water compare? The

423 views • 4 slides
What do YOU think STEAM is? Sounds pretty cool, right?!? Here are some questions we have

What do YOU think STEAM is? Sounds pretty cool, right?!? Here are some questions we have

What do YOU think STEAM is? Sounds pretty cool, right?!? Here are some questions we have heard... Frequently asked questions: What makes the STEAM Academy different than MFMS? How do you get into the STEAM Academy? What does my

387 views • 11 slides

More recommend