I’ve been seeing a lot of Bazzite recommendations recently, and it sure sounds great. An atomic Fedora, gaming optimisations out of the box. It just works.
Well, that’s not been my experience for V Rising, and I wanted to share it in case anyone else encounters the issues I did.
First and foremost I am sure the major issue is the game, more than any given distro. I’ve been happily running Arch on my home PC for 7 years. It’s been great, no issues, I’ve loved it. As my free time decreased, that computer had become just for gaming. The maintenance debt was building up, I knew the dream run with Arch must end. That end was V Rising: it crashed frequently, with all kinds of strange behaviour. I assumed a Vulkan issue, but couldn’t easily find a fix, and didn’t want to waste any more time on it.
I went with Bazzite, but to no avail. The crashing problem got worse. Only now I had to deal with the sluggish Flatpak versions of things. It’s not that bad, but it was a very noticeable change.
If it had just been me, I think this is where I would have given up. But I was playing with my wife and mate online, both of whom also use Linux and weren’t having the crashing issue. On my wife’s computer I had recently installed Bazzite. It did have issues, mostly flickering, which I chalked up to a too-early switch to Wayland on a GTX 1080. My mate was on Mint, with a 3060, and V Rising was working perfectly.
I switched to Mint (I am running a 5700 XT), and my problems were fixed just like that.
Next was to solve the wife’s woes, so I switched her to Mint too. Which resulted in V Rising not being able to load, freezing up the computer on every attempt and requiring an X restart. Didn’t matter which version of the Nvidia drivers I used. The flickering was gone though, so that was something. Pop!_OS was the solution; it took a bit of understanding Pop!_Shop’s preferred order of events to get the Nvidia drivers installed, but now all is fine.
So the lesson I think I might have learned: old hardware and new (Vulkan) games require unidentified settings to work, and the easiest solution is just to distro hop till success. Big shout out to Steam’s transfer over network functionality (I also needed to install BG3 on each new distro; it ran fine on every combination, but Bazzite was noticeably more flaky).
It doesn’t matter, but does anyone have any ideas as to why V Rising caused such headaches? 7 years of Linux gaming, and nothing has required more than a few hours of tinkering at most to get to work until this.
TL;DR: Needed a safe space to debrief, everything worked out in the end.
Late reply, had this in my inbox for a while.
Interesting bugzilla thread indeed.
seccomp vs userns
I don’t know about the security difference between nested seccomp filters and user namespaces. I don’t know how good the achieved process isolation is.
But I can imagine that the Firefox approach is better.
chromium
Also note that Chromium has a setuid sandbox mode which is kept as fallback. Found that through secureblue.
I know that bubblejail is currently broken for me, I will uninstall it, remove the configs and reinstall it again.
I think running FF with userns enabled AND isolated with bubblejail is best, and it is possible.
flatpak and seccomp
Flatpak has a real issue with their loose and kinda random badness-enumerating seccomp filter. See this issue
The problem is, app devs don’t know removed about seccomp, some other project (was it GNOME?) just uses the Flatpak filter because they also don’t know enough about it.
It would be best to have a modular approach, with “security building blocks”.
Browsers have the “base” set of rules, which is the most unrestricted there is, allowing user namespaces.
All apps by default get the “standard” set which is base, without userns.
And there can be a more secure one for strong and very strong isolation.
browser updates
Firefox has a builtin updater, Distros just remove that. So the Mullvad Tarball and also an official Firefox or Thunderbird tarball will autoupdate.
But as the app lies in an insecure location, its source could be modified. So it is always best to have apps somewhere only root can change.
Same for flatpaks actually, --user flatpaks are installed to the user homedir without any permissions and could be tampered with by any process.
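
A way to check the point above about install locations, as an added example that is not part of the original comment: it walks a directory tree and lists every path a given non-root uid could modify, judged from ownership and mode bits. The function names are hypothetical; the two Flatpak paths in the usage comment are the default per-user and system-wide install locations.

```python
import os
import stat
import sys


def can_modify(st, uid, gids):
    """Could a non-root process running as uid/gids change this inode?"""
    if st.st_uid == uid:
        return True  # the owner can always chmod the write bit back on
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def tamperable_paths(root, uid, gids=()):
    """Return sorted paths at or below root that uid/gids could modify.

    Symlinks are skipped (their mode bits are meaningless on Linux); the
    directory holding them decides whether they can be replaced.
    Parent directories of root are not examined.
    """
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(name)
            if stat.S_ISLNK(st.st_mode):
                continue
            if can_modify(st, uid, gids):
                found.append(name)
    return sorted(found)


if __name__ == "__main__":
    # Usage: python3 audit.py DIR [DIR ...]
    # e.g. ~/.local/share/flatpak (default --user location) vs /var/lib/flatpak
    me, groups = os.getuid(), set(os.getgroups())
    for target in sys.argv[1:]:
        hits = tamperable_paths(os.path.expanduser(target), me, groups)
        print(f"{target}: {len(hits)} paths modifiable by uid {me}")
        for path in hits[:10]:
            print("  ", path)
```

A tarball unpacked in the home directory or a --user install will report nearly every path, while a root-owned tree should report none for an ordinary account.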