Im trying to whitelist an appimage game in
Tails that uses networking for multiplayer (so it should not run through
Tor; latency is too bad). I discovered
Tails use the '
clearnet' user to run the '
unsafe browser' (the
unsafe browser does not use
Tor, so that you may login at captive portals). This clearnet user is permitted in the firewall to use TCP (in all other cases Tails
only uses UDP)
So im trying run the appimage as the user
clearnet (via sudo -u clearnet game.AppImage).. But for some reason that I dont understand is the game is reporting an error saying that
"No supported OpenGL profiles were found". I'd like to say the game does run fine when ran as
'amnesia' (the default user), but it doesnt run as any other user (not even root!), giving that error. However it does run as root when invoked via sudo (i.e sudo game.AppImage). So im guesing that
amnesia has something in it's environment that no other user has that allows it to use these OpenGL profiles. Which would explain why 'sudo game.AppImage works', as sudo may be preserving some portion of
amnesia's environment (but then again maybe not, as sudo -u clearnet does not work). I also disabled all apparmor profiles, but still that didn't work. And rememeber I dont want to run it as user
'amnesia' as I dont want it to go through
Tor, so it seems the user
'clearnet is key here.
Here is the full error log message from: ~/.config/thegame/graphics.log
Code:
System.InvalidOperationException: No supported OpenGL profiles were found.
at OpenRA.Platforms.Default.Sdl2PlatformWindow..ctor (OpenRA.Primitives.Size requestEffectiveWindowSize, OpenRA.WindowMode windowMode, System.Single scaleModifier, System.Int32 batchSize, System.Int32 videoDisplay, OpenRA.GLProfile requestProfile) [0x000c3] in <044321142f104d319ff35c7ee1a9937e>:0
at OpenRA.Platforms.Default.DefaultPlatform.CreateWindow (OpenRA.Primitives.Size size, OpenRA.WindowMode windowMode, System.Single scaleModifier, System.Int32 batchSize, System.Int32 videoDisplay, OpenRA.GLProfile profile) [0x00000] in <044321142f104d319ff35c7ee1a9937e>:0
at OpenRA.Renderer..ctor (OpenRA.IPlatform platform, OpenRA.GraphicSettings graphicSettings) [0x00057] in <935747805c924a31bc5fa5fcaf2e207c>:0
at OpenRA.Game.Initialize (OpenRA.Arguments args) [0x00204] in <935747805c924a31bc5fa5fcaf2e207c>:0
System.InvalidOperationException: No supported OpenGL profiles were found.
at OpenRA.Platforms.Default.Sdl2PlatformWindow..ctor (OpenRA.Primitives.Size requestEffectiveWindowSize, OpenRA.WindowMode windowMode, System.Single scaleModifier, System.Int32 batchSize, System.Int32 videoDisplay, OpenRA.GLProfile requestProfile) [0x000c3] in <044321142f104d319ff35c7ee1a9937e>:0
at OpenRA.Platforms.Default.DefaultPlatform.CreateWindow (OpenRA.Primitives.Size size, OpenRA.WindowMode windowMode, System.Single scaleModifier, System.Int32 batchSize, System.Int32 videoDisplay, OpenRA.GLProfile profile) [0x00000] in <044321142f104d319ff35c7ee1a9937e>:0
at OpenRA.Renderer..ctor (OpenRA.IPlatform platform, OpenRA.GraphicSettings graphicSettings) [0x00057] in <935747805c924a31bc5fa5fcaf2e207c>:0
at OpenRA.Game.Initialize (OpenRA.Arguments args) [0x00204] in <935747805c924a31bc5fa5fcaf2e207c>:0
Ofc I can just open up the firewall to allow full network access to the program, but I would like to offer the same protections for it as they did their
'unsafe browser' (i.e. running it as user clearnet whom can't login, and chooting the application).. Here's is how
Tor is enforced in
Tails (if you're interested in how
Tails enforces
Tor, and how the security of that works then this is the most interesting information:
https://tails.boum.org/contribute/de...r_enforcement/)