this post was submitted on 24 Sep 2023
8 points (83.3% liked)

SteamDeckPirates

1713 readers
10 users here now

Discuss piracy on Valve's portable handheld - the Steam Deck.

founded 1 year ago
MODERATORS
 

I know there are some tools including firejail and bindtointerface on standard Linux Distros, but they don't run in userland, so whenever the deck updates they will be overwritten.

Anyone have any ideas how to block access on a Steam Deck?

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago (1 children)

Thanks for the suggestion, I think the main issue is doing it on the Steam Deck. On a native Linux machine it's easier. I don't see a way to install OpenSnitch on the Steam Deck with the read-only file system and whatnot. I think a pi-hole and block DNS might be easier than trying to mess with SteamOS.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

You can't install applications on steam deck and there is a read only file system???? Whaaaatttt???????

Edit: I asked a friend that has a steam deck, he explained you can easily disable the read-only system, do whatever you want on a Linux system and reenable it afterwards.

[–] [email protected] 0 points 1 year ago (1 children)

From what i understand any changes to the system outside of the userland will be overwritten after a SteamOS update.

[–] shindig1457 3 points 1 year ago (1 children)

That is correct. The best case is to write a script to make your desired changes, and then run it after each system update.
My own use-case is that I have a NFS mount-point for my Steam Deck to use extra storage on my NAS. After the first time I figured out how to get it mounted, I made a script to disable read-only filesystem, make all the changes to the system, and then re-enable read-only filesystem. After every system update, I just run that script once.

[–] [email protected] 1 points 1 year ago (1 children)

Thanks for the reply!

I can find my way around bash, but the most advanced script I've personally authored it probably "Hello World." Would you be willing to share the script from pastebin or github? IDK, I guess you could copy and paste it posted on Lemmy.

I think I need to do exactly what you recommended, but I may need some help setting it up. So are an update, you simply run the script to get the system changes re-applied?

[–] shindig1457 1 points 1 year ago* (last edited 1 year ago) (1 children)

This is the script. /home/deck/scripts/fstab contains my customised fstab file. Yes, after an update, I just run this script once.

#!/bin/bash

if [ ! -f ~/.config/kdesurc ];then
  touch ~/.config/kdesurc
  echo "[super-user-command]" > ~/.config/kdesurc
  echo "super-user-command=sudo" >> ~/.config/kdesurc
fi

if [ ! -f /var/mnt/nas ];then
  sudo -c 'sudo mkdir "/var/mnt/nas"'
fi

sudo cp -a /home/deck/scripts/fstab /etc/fstab
sudo steamos-readonly disable
sudo pacman -Syy
sudo pacman-key --init
sudo pacman-key --populate
sudo pacman -S --overwrite "*" nfs-utils
sudo steamos-readonly enable
sudo mount -a
[–] [email protected] 1 points 1 year ago

Thank you. I really appreciate you sharing, this helps a lot!

[–] [email protected] 1 points 1 year ago

Doesn't flatpak use bubblewrap for it's permissions? Otherwise would those programs work in distrobox?

[–] [email protected] 1 points 1 year ago (1 children)

Uh, under Windows use NetLimiter. Under Linux? Try AppArmor based policies, otherwise... No idea.

[–] [email protected] 0 points 1 year ago (1 children)

Hmm, I wonder if SteamOS has AppArmor by default so I can tinker with it.