Valve Fixes Portal 2 and SELinux Security Blunder

Portal 2 finally received a patch that allows Fedora users to play the game

By on March 15th, 2014 20:28 GMT

The release of Portal 2 on Steam for Linux has been one of the biggest this year and one of the biggest blunders of Valve since the start of the open source endeavor. The problem has now been fixed and we expect to see a much better interaction with the Linux community.

We reported last week about a problem that occurred between the Portal 2 engine and SELinux, a Linux kernel module that is designed to manage the operating system policies. Various Linux distributions use different solutions for this aspect, and SELinux is mostly being used by Fedora and all other Fedora-based distributions.

Users were unable to play the game because the Portal 2 engine had a fight to the death with SELinux. The problem was caused by a third-party MP3 decoder (Miles) which, in turn, used execheap, a feature that is normally disabled by SELinux. execheap allows a program to map a part of the memory so that it is both writable and executable.

The answer of a Valve developer to just shutdown SELinux in order to play the game, closing a legitimate bug entry on Github, caused a massive blowback from the Linux community, which forced the developers to reopen that bug.

He eventually apologized for the entire incident and the Portal 2 fan who were using Fedora distributions have been waiting for a solution, which actually arrived pretty quickly.

The first message posted on Github regarding this issues was very encouraging. “We have just shipped an update which includes an attempt to fix this issue. Would appreciate SELinux users testing it and diving feedback on whether it works. Note: your system will need to allow execution on files in /tmp”.

After proper testing took place, another message has been posted that informed the Linux community that the bug has been fixed and everything should go back to normal.

“A new update has been released with debugging code removed. It should now also work even if /tmp is noexec. Closing this out. Please let me know if it fails for anybody” reads the announcement from the developer.

All these issues opened a very interesting Pandora’s Box. There are many users out there that said they were willing to shutdown SELinux in order to play the game, and a lot of them also said that this is the first thing they do anyway. This is not the last time that we will hear about issues with SELinux and conflict with other applications.

1 Comment