Merge pull request #106409 from jonringer/fix-steam

steam: fix paradox launchers, and electron apps

pkgs/build-support/build-fhs-userenv-bubblewrap/default.nix

@@ -1,20 +1,27 @@
-{ callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }:
+{ lib, callPackage, runCommandLocal, writeShellScriptBin, stdenv, coreutils, bubblewrap }:
-
-let buildFHSEnv = callPackage ./env.nix { }; in
 
 args @ {
-  name,
+  name
-  runScript ? "bash",
+, runScript ? "bash"
-  extraInstallCommands ? "",
+, extraInstallCommands ? ""
-  meta ? {},
+, meta ? {}
-  passthru ? {},
+, passthru ? {}
-  ...
+, unshareUser ? true
+, unshareIpc ? true
+, unsharePid ? true
+, unshareNet ? false
+, unshareUts ? true
+, unshareCgroup ? true
+, ...
 }:
 
 with builtins;
 let
+  buildFHSEnv = callPackage ./env.nix { };
+
   env = buildFHSEnv (removeAttrs args [
     "runScript" "extraInstallCommands" "meta" "passthru"
+    "unshareUser" "unshareCgroup" "unshareUts" "unshareNet" "unsharePid" "unshareIpc"
   ]);
 
   chrootenv = callPackage ./chrootenv {};
@@ -92,8 +99,12 @@ let
       --dev-bind /dev /dev
       --proc /proc
       --chdir "$(pwd)"
-      --unshare-all
+      ${lib.optionalString unshareUser "--unshare-user"}
-      --share-net
+      ${lib.optionalString unshareIpc "--unshare-ipc"}
+      ${lib.optionalString unsharePid "--unshare-pid"}
+      ${lib.optionalString unshareNet "--unshare-net"}
+      ${lib.optionalString unshareUts "--unshare-uts"}
+      ${lib.optionalString unshareCgroup "--unshare-cgroup"}
       --die-with-parent
       --ro-bind /nix /nix
       ${etcBindFlags}

pkgs/games/steam/fhsenv.nix

@@ -35,6 +35,10 @@ let
       # Steam VR
       procps
       usbutils
+
+      # electron based launchers need newer versions of these libraries than what runtime provides
+      mesa
+      sqlite
     ] ++ lib.optional withJava jdk8 # TODO: upgrade https://github.com/NixOS/nixpkgs/pull/89731
       ++ lib.optional withPrimus primus
       ++ extraPkgs pkgs;
@@ -175,7 +179,6 @@ in buildFHSUserEnv rec {
     libidn
     tbb
     wayland
-    mesa
     libxkbcommon
 
     # Other things from runtime
@@ -265,6 +268,10 @@ in buildFHSUserEnv rec {
     broken = nativeOnly;
   };
 
+  # allows for some gui applications to share IPC
+  # this fixes certain issues where they don't render correctly
+  unshareIpc = false;
+
   passthru.run = buildFHSUserEnv {
     name = "steam-run";