by Arnavion
4172 days ago
Steam shouldn't run as its own user. It's a user-level process, not a system process. It needs to have user-specific things (install directory, save games, etc.) that need to be accessible to the person using it. Separating processes into users is only one method of sandboxing, and not appropriate in this case. Sandboxing via mechanisms like SELinux is the correct solution. One of the users in the GitHub thread even mentions how SELinux prevented the same thing from happening on his machine.

I actually separated Steam into a sandboxed "steam" user account. But maybe that's because I learned Unix on BSD and never included SELinux or how to use it (and it isn't obvious from a desktop user accounts perspective). I should probably check that out.