| 19 Jun 2026 |
 Atemu | Unfortunately not because you need CAP_SYS_NICE in the root namespace | 15:03:16 |
 K900 | In reply to @marie:marie.cologne
https://github.com/containers/bubblewrap/issues/653
Does this fix the steamvr capability thing? If we add --not-a-security-boundary to steams fhsenv, once released? No, you can't gain capabilities inside a userns | 15:11:43 |
 magic_rb | We can do that with run0 no technically. Launch steam with cap_sys_nice, bwrap would then neatly pass it through | 15:13:29 |
| K900 | As in the kernel won't let you | 15:12:02 |
| magic_rb | * | 15:14:07 |
| K900 | In reply to @magic_rb:matrix.redalder.org
It should fix also the chromium in steamos thing iirc I don't think it will either | 15:12:54 |
| K900 | The real problem is that user namespaces are inherently no_new_privs | 15:13:11 |
| K900 | Well you can do it to the entire Steam process tree yeah | 15:13:50 |
| K900 | Actually I'm not sure if you can even inherit capabilities into a userns | 15:14:35 |
| K900 | But maybe? | 15:14:38 |
| Atemu | You might in general but this one specifically, you can't | 15:16:35 |
 ElvishJerricco | isn't the whole point of user namespaces that you get all capabilities, they're just scoped by the ones the creator had in the parent namespace? | 15:16:41 |
| magic_rb | Yeah thats what i thought. If the creator has nice, then anything in the ns should be able to | 15:17:51 |
| Atemu | You'd think but no | 15:18:06 |
| Atemu | And it's intentional | 15:18:16 |
| magic_rb | :( | 15:18:32 |
| K900 | In reply to @elvishjerricco:matrix.org
isn't the whole point of user namespaces that you get all capabilities, they're just scoped by the ones the creator had in the parent namespace? I don't think so | 15:18:32 |
| K900 | Not when you're doing UID remapping | 15:18:41 |
| K900 | Which we are | 15:18:44 |
| magic_rb | So what is the solution to our nice problem, rtkit? | 15:18:55 |
| Atemu | Long story short: Your options are either to patch your graphics driver to not require the cap for high-prio queues or use Monado | 15:19:11 |
| magic_rb | Cause if im to port jovian to the frame, ill need some other solution | 15:19:30 |
| ElvishJerricco | $ unshare -Uc --keep-caps setpriv -dd | rg -o sys_nice
sys_nice
sys_nice
sys_nice
sys_nice
sys_nice
also works with -r instead of -c
| 15:19:37 |
| magic_rb | Fucking if i have to patch the kernel, so be it | 15:19:42 |
| ElvishJerricco | you definitely have the cap | 15:19:43 |
| K900 | In reply to @magic_rb:matrix.redalder.org
So what is the solution to our nice problem, rtkit? Wait for kernel to get proper DRM scheduling priorities and then rtkit | 15:19:43 |
| ElvishJerricco | I just dunno if that cap is usable for anything meaningful | 15:20:11 |
| K900 | I'm not sure what the Frame will do but I don't think Adreno even has priority contexts | 15:20:15 |
| Atemu | I used to do the former but recently found out that the latter is feasible these days as Monado has a STEAMVR_LH driver | 15:20:34 |
| magic_rb | (I hope youve time k900, ill need your help for the port, i cant do it by myself) | 15:20:52 |
