Subj : Re: Play Rogue in my lame server
To : ryan
From : Arelor
Date : Sat Apr 03 2021 06:24 pm
Re: Re: Play Rogue in my lame server
By: ryan to Arelor on Sat Apr 03 2021 11:53 am
> Ar> You can replicate this functionality with AppArmor or firejail in Linux
>
> Hm, interesting. I have heard mixed reviews about firejail.
>
> One thing I was considering was putting each game into its own chroot sandbox
> and making a user account automatically for each user that tries to run a
> game within that chroot. Not sure of performance but seems like a safe
> option. I assume this would take a ton of preparation and upkeep lol.
No offense, but that sounds too cumbersome an approach.
For reference, the current architecture in my game server is as follows:
->User SSHs in->Shell chroots into a filesystem tree that holds all the games
->Shell drops privileges (now there is no easy escaping the chroot)->User uses
shell to launch game->Game containerizes itself using OpenBSD system calls (now
the only resources the game can leverage are the ones the game needs).
The big con is you have to patch each game manually, in order for the game to
containerize itself. But the approach is hard to beat.
Most of the procedure is to be published in an incoming Linux Magazine issue
btw.
The chroot used for the whole deployment is only one. The whole thing is very
compact.
If I was doing it on Linux, I would just use firejail and have the game
launcher invoke firejail as to containerize each launched game. I am not a
great fan of firejail but it sounds better to me than using an orchestrator to
launch a whole container for each user :-D
--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.14-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (77:1/114)
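
Added example, not part of the message above and not the poster's or the magazine article's code: a C sketch of the order the post describes (chroot, then drop privileges, then the game restricting itself with OpenBSD's pledge(2) and unveil(2)). The jail path, uid/gid 65534, the save directory and the pledge promise set are assumptions chosen for illustration; a real game's promise set depends on what that game does.

```c
#define _DEFAULT_SOURCE            /* glibc: expose chroot() and setgroups() */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Launcher side: chroot into the shared game tree, then give up root for good. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    if (chroot(jail_dir) != 0 || chdir("/") != 0)  /* chdir so cwd is inside the jail */
        return -1;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) return -1; /* root regained means the chroot can be escaped */
    return 0;
}

/* Game side: the kind of self-restriction patched into each game (OpenBSD only). */
int confine_game(const char *save_dir)
{
#ifdef __OpenBSD__
    if (unveil(save_dir, "rwc") != 0 || unveil(NULL, NULL) != 0)
        return -1;                 /* only save_dir stays visible to the game */
    return pledge("stdio rpath wpath cpath tty", NULL);  /* assumed promise set */
#else
    (void)save_dir;
    return -1;                     /* no pledge/unveil on this platform */
#endif
}

/* Runs enter_jail() in a child so the caller stays unconfined: 0 = jailed, 1 = refused. */
int try_jail_in_child(const char *jail_dir, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0)
        _exit(enter_jail(jail_dir, uid, gid) == 0 ? 0 : 1);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void)
{
    /* Constructed values: "/" as the jail and uid/gid 65534 are placeholders. */
    return try_jail_in_child("/", 65534, 65534);
}
```

Run without root, the chroot step is refused and the program exits 1; the check after `setuid(uid)` is what confirms the drop cannot be undone.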