
Comment by Arnavion

2 years ago

https://gist.github.com/Arnavion/81006757190c29aa0b24c674e24...

The first `#` line in each file is the path where that file should go.

Use ~/src/non-oss-container/build.sh to build the container image and ~/.local/bin/steam to run a Steam container using that image.

The Steam container-specific homedir will be ~/non-oss-root/steam

The default COMMAND runs Steam with the built-in web browser disabled. I don't use it so I keep it disabled, except that you can't uninstall games from the default view if the web browser is disabled. Launch Big Picture View and uninstall from there.

The X socket is mounted from the host, so if you're worried about malicious programs intercepting your other X windows or input devices, then this level of sandboxing will not help. (I don't care because I use a Wayland compositor and run nothing of importance in Xwayland.) In this case you may want to consider running a nested X server like Xephyr and mounting its socket in the container instead.

This is really cool, thanks for sharing! I might try this out as a sandboxing mechanism for a few of the apps I run.