How can I run Xorg (with wine or Lutris) with filesystem isolation?

Cyclohexane@lemmy.ml (mod) to Linux@lemmy.ml – 33 points

Hi all,

I use a Wayland Gentoo system, but I want to run Lutris for gaming. I would like to do this with at least some degree of filesystem isolation, as Lutris seems to install dependencies on its own and it pollutes the system in ways I cannot track.

What is the best way to do this? Is it possible to do in a chroot? Or mount namespaces? Will it give me a lot of trouble?

It seems that merely installing things in a chroot and running it is not enough.


I do this using lxc, all my environments are different: Debian base, Arch gaming and some browsing, Ubuntu for work, etc.

Look at lxc-create -t download

Then you just add permissions for the child OS to access the X11 and dri and it's gorgeous.

I guess the Flatpak package would be the easiest, and most supported, option you have. You can use Flatseal to restrict what permissions it has, including what directories it has access to.

If I just use the Flatpak as is, does it already provide filesystem isolation akin to a chroot? I don't need it to be incredibly secure, just some basic isolation is enough for me. I just want the installation to be easily reversible rather than having to track down installed files. Lutris installs a lot of stuff outside of the package manager, so I figured filesystem isolation would provide easy means of undoing everything it does.

Flatpak can provide file system isolation, but not to the level of chroot. It provides a sandbox for things to run in and a way to distribute packages and dependencies. And it has a permission system to keep things in check. But with Lutris, you may want to let it write to ~/Games/ or wherever you want your games at.

Maybe give the docs a skim for more details.
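
Added example, not part of any comment in this thread: a small check that reads Flatpak permission metadata and lists filesystem grants wide enough to defeat the isolation discussed above. It assumes `net.lutris.Lutris` is the installed Flatpak app ID; the function name `broad_fs_grants` is hypothetical and both sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag broad filesystem grants in Flatpak permission metadata.
# Real input would come from:
#   flatpak info --show-permissions net.lutris.Lutris
# A broad grant can then be narrowed per user, e.g.:
#   flatpak override --user --nofilesystem=home --filesystem=~/Games net.lutris.Lutris

# Reads permission metadata on stdin, prints one broad grant per line.
broad_fs_grants() {
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track current section
        in_ctx && /^filesystems=/ {
            sub(/^filesystems=/, "")
            n = split($0, entry, ";")
            for (i = 1; i <= n; i++) {
                e = entry[i]
                if (e == "" || e ~ /^!/) continue       # empty or negated (revoked) entry
                base = e
                sub(/:(ro|rw|create)$/, "", base)       # strip access-mode suffix
                if (base == "host" || base == "host-os" ||
                    base == "host-etc" || base == "home")
                    print e
            }
        }
    '
}

# Constructed sample metadata (not taken from any real app manifest).
SAMPLE_WIDE='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-run/app/com.example.Foo:create;/media:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

SAMPLE_NARROW='[Context]
sockets=x11;wayland;
filesystems=~/Games;!home;xdg-download:ro;'

printf 'wide sample:   %s\n' "$(printf '%s\n' "$SAMPLE_WIDE" | broad_fs_grants | tr '\n' ' ')"
printf 'narrow sample: %s\n' "$(printf '%s\n' "$SAMPLE_NARROW" | broad_fs_grants | tr '\n' ' ')"
```

An empty result means the app only sees the specific directories listed, so removing the app and its data directory undoes what it wrote.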

Bottles has isolation. You can further that with the Flatpak version of Bottles.