steam (2300B)
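#!/bin/bash

# steam wrapper script
# check that Steam is correctly sandboxed and run it in its X server
# this script is not part of Steam and not endorsed by Valve, inc.
#
# The X server is only started when every check below passes.
# Exit codes:
#   1  steam belongs to a group other than steam/video/audio
#   2  $PRIVATE is missing, or the steam account can see it
#   3  commands cannot be run as steam (sudo/su failed)
#   5  user quotas are not enabled on $VOLUME
#   6  steam's quota is unreadable, unset, or above $QUOTA
#   7  steam's processes are not in the steam memory cgroup
#   8  $PRIVPORT is reachable from the steam account
#   9  no outbound connectivity, so the port filter cannot be tested

VOLUME="/home" # where quotas are setup
ID=$(whoami)
PRIVATE="/home/$ID/.ssh/id_rsa" # an existing file that you want to protect
# steam's quota ("in bytes" per the original author).
# NOTE(review): quota(1) normally reports block limits in 1 KiB blocks;
# confirm the unit before relying on this ceiling.
QUOTA="8192000"
# Kept as an array so each word reaches sudo/su intact; the single string
# argument appended at each call site is what the steam account's shell runs.
DCMD=(sudo su steam -s /bin/bash -c)
PRIVPORT="23"     # a port that steam shouldn't be able to access
CURL_TIMEOUT="15" # seconds; a silently dropped connection must not hang the script

# Print the closing marker and leave with the given status.
abort() {
    echo aborted
    exit "$1"
}

# Group membership: anything beyond steam/video/audio widens what the sandboxed
# account can reach. A failing `groups` (e.g. no such user) yields no lines to
# inspect, so it is treated as a failure instead of an empty, "clean" list.
if ! steam_groups=$(groups steam) ||
    tr -d ':' <<<"$steam_groups" | tr ' ' '\n' | grep -v '^$' |
        grep -qvE '^(steam|video|audio)$'
then
    echo "steam should be in group steam video audio, actual groups are:"
    groups steam
    abort 1
fi

# Several checks below pass when a command run as steam FAILS (cannot list the
# key, cannot reach the port). If sudo/su itself fails -- a mistyped password,
# a missing sudoers rule -- those checks would pass for the wrong reason, so
# confirm first that the wrapper works at all.
if ! "${DCMD[@]}" true
then
    echo "cannot run commands as steam (sudo or su failed)"
    abort 3
fi

# The canary file must exist for the invoking user, otherwise the negative
# test that follows proves nothing.
if [ ! -f "$PRIVATE" ]
then
    echo "\$PRIVATE is not correctly set: cannot reach $PRIVATE"
    abort 2
fi

# `ls` succeeds as soon as the path can be stat'ed, which is stricter than
# readability: steam must not even be able to see the file. The path is
# shell-quoted because it is embedded in a command line parsed by another shell.
printf -v private_q '%q' "$PRIVATE"
if "${DCMD[@]}" "ls -- $private_q >/dev/null 2>&1"
then
    echo "steam shouldn't be able to access $PRIVATE"
    abort 2
fi

# Disk quotas must be switched on for users on the volume.
if ! quotaon -p "$VOLUME" | grep '^user' | grep -q 'is on'
then
    echo "quotas are not enabled for $VOLUME:"
    quotaon -p "$VOLUME"
    abort 5
fi

# Take the third field of the line following the mount point in steam's quota
# report and keep digits only.
# NOTE(review): presumably this is the block limit when quota wraps the mount
# point onto its own line -- verify against the actual report layout.
RQUOTA=$("${DCMD[@]}" "quota --show-mntpoint" |
    grep -F -A1 -- "$VOLUME" | sed 1d | awk '{print $3}' | tr -dc '0-9\n')

# http://stackoverflow.com/a/806923
# An empty or multi-line value does not match and aborts here.
re='^[0-9]+$'
if ! [[ $RQUOTA =~ $re ]]
then
    echo "could not understand quota for steam"
    "${DCMD[@]}" "quota --show-mntpoint"
    abort 6
fi

# `[ ... ]` is used on purpose for the numeric tests: it compares plain
# decimal strings, whereas arithmetic contexts would read a leading 0 as octal.
if ! [ "$RQUOTA" -gt 0 ]
then
    echo "no quota for steam seems set"
    "${DCMD[@]}" "quota --show-mntpoint"
    abort 6
fi

if ! [ "$RQUOTA" -le "$QUOTA" ]
then
    echo "quota limit for steam is $RQUOTA which is >$QUOTA"
    "${DCMD[@]}" "quota --show-mntpoint"
    abort 6
fi

# $$ is single-quoted so that it expands in steam's shell, not in this one.
# NOTE(review): 'memory:/steam' is the cgroup v1 line format and also matches
# longer names starting with /steam; on a unified (v2) hierarchy this check
# will presumably abort -- confirm on the target system.
# shellcheck disable=SC2016
if ! "${DCMD[@]}" 'cat /proc/$$/cgroup' | grep -q 'memory:/steam'
then
    echo "steam processes are not in the steam cgroup for memory:"
    # shellcheck disable=SC2016
    "${DCMD[@]}" 'cat /proc/$$/cgroup'
    abort 7
fi

# Egress filter spot check. Port 80 is probed first so that "cannot connect to
# $PRIVPORT" is only accepted as "filtered" when the network is known to be up.
# This tests one port against one external third-party host (portquiz.net);
# it is a sanity check, not proof that outbound filtering is complete.
probe="curl --max-time $CURL_TIMEOUT"
if "${DCMD[@]}" "$probe portquiz.net:80 >/dev/null 2>&1"
then
    if "${DCMD[@]}" "$probe portquiz.net:$PRIVPORT >/dev/null 2>&1"
    then
        echo "steam port $PRIVPORT is not filtered"
        abort 8
    fi
else
    echo "steam cannot access portquiz.net:80, are you connected?"
    abort 9
fi

# now everything is OK

# must tell pulseaudio to stop accessing sound devices
pasuspender -- "${DCMD[@]}" "xinit -- :2"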