[Bug 1205997] New: SELinux policy prevents launching steam games and bottles applications
http://bugzilla.opensuse.org/show_bug.cgi?id=1205997 Bug ID: 1205997 Summary: SELinux policy prevents launching steam games and bottles applications Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: MicroOS Assignee: kubic-bugs@opensuse.org Reporter: ficous@protonmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:107.0) Gecko/20100101 Firefox/107.0 Build Identifier: I've tested on Silverblue, MicroOS, Leap, and Tumbleweed all on fresh VMs. This issue only occurs on MicroOS. 32 bit applications launched through Steam crash instantly as both native and wine apps, and any application run through Bottles, either 32 or 64 bit, will crash instantly. Steam and Bottles programs run though wine give this error:
wine: could not load kernel32.dll, status c0000135
Native steam games give this error:
failed to dlopen /home/shaw/.var/app/com.valvesoftware.Steam/.local/share/Steam/steamapps/common/Left 4 Dead 2/bin/engine.so error=/home/shaw/.var/app/com.valvesoftware.Steam/.local/share/Steam/steamapps/common/Left 4 Dead 2/bin/engine.so: cannot enable executable stack as shared object requires: Permission denied failed to dlopen engine.so error=engine.so: cannot enable executable stack as shared object requires: Permission denied AppFramework : Unable to load module engine.so! Unable to load interface VCvarQuery001 from engine.so
Of note, 64 bit applications through steam (like rimworld) work just fine with SELinux enabled, while 32 bit games like L4D2 crash with that second error code above. What I find interesting is in both of these failures the programs report that they aren't able to find or access libraries they need. All my searching kept turning up someone familiar, and turns out when I disable SELinux the problem vanishes entirely. I A-B tested back and forth and everytime I disable SELinux I can launch everything perfectly, but once I re-enable it's sad gamer town again. I'm 100% out of my depth when it comes to actual SELinux configuration, so I'm really at an impass. I have tried scowering wine_selinux's manpage and I applied these modifications to the system, but there was no change in behavior.
semanage permissive -a wine_t setsebool -P mmap_low_allowed 1 setsebool -P wine_mmap_zero_ignore 1
Additionally, this issue or set of issues doesn't seem to be limited to my machine. [Similar wine issue reproduced by BottlesDev](https://github.com/bottlesdevs/Bottles/issues/1968#issuecomment-1241770916) [Similar native Issue](https://github.com/flathub/com.mattjakeman.ExtensionManager/issues/2#issue-1...) [Similar native issue](https://github.com/flathub/com.parsecgaming.parsec/issues/18) [Similar native issue](https://github.com/flathub/net.jami.Jami/issues/52#issue-1254111513) [Somewhat Similar Garry's Mod issue](https://github.com/Facepunch/garrysmod-issues/issues/5056#issue-997323679) *it's always SELinux :P* Reproducible: Always Steps to Reproduce: 1. Install MicroOS 2. Install Bottles 3. Create a Gaming bottle (which partially fails silently due to this issue) 4. Install Battlenet 5. Battlenet will not be installed because the installer executable never executed During steps 3 and 4 the *wine: could not load kernel32.dll, status c0000135* error will spam every time bottles attempts to launch an executable. 1. Install MicroOS 2. Install Steam 3. Install any 32bit game. Fistful of Frags is free and affected by this 4. Launch the game natively or through proton 5. Instant crash, or if you're lucky you'll get a gui error Actual Results: N/A Expected Results: N/A MicroOS fresh install into a VM. Nothing installed, modified, or tweaked other than installing bottles. -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205997
http://bugzilla.opensuse.org/show_bug.cgi?id=1205997#c1
--- Comment #1 from Dayna Shaw
sudo setenforce 0
Just temporary until next boot. You can figure out how to set that permanently. -- You are receiving this mail because: You are the assignee for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205997
http://bugzilla.opensuse.org/show_bug.cgi?id=1205997#c2
Richard Brown
participants (1)
-
bugzilla_noreply@suse.com