for some time i was trying to somehow limit the blast radius of a steam installation. after all – it's a bunch of binary images run with high privileges (i.e. on your OS, as your user). for a long time i was running steam as a separate user account. yet this was not perfect, since steam packages still had to be installed on the system.
as a next step i've tried using chroot(). TL;DR – it was complicated and at the end of the day, did not work as expected. main issues were around forwarding access to GPU and audio devices.
next approach was to use a VM. there is a very promising virgl project, that combined with qemu allows for a near-native GPU experience (in terms of performance). unfortunately debian 11 does not have the latest packages and i failed to make it work fast enough to be useful for gaming. anyway, for future me – the key flags here are:
-device virtio-vga-gl
-display gtk,gl=on
let's hope it will work in next release.
when this also failed, my weapon of last resort was containerization. compared with both previous attempts it was a surprisingly smooth experience. with some background in the area and some reading wrt GPU and audio forwarding, i've managed to compile a working image with a helper runner script in one evening. and so – behold the mighty steam image project, readily available on my github account! ;) it offers:
i hope this will do the trick for the time being. though i still hope for a VM with virtio for GPU in qemu, in debian:12. but until then – have fun! :D