Dockerfile: use a DNS cache to avoid steam issue 3401. Fix #6

Dockerfile

@@ -53,6 +53,12 @@ RUN cd /tmp && \
     dpkg -i *.deb && \
     rm -f *.deb
 
+# Workaround2: Steam severely floods DNS requests on Linux, so let's use a DNS cache
+# (see https://github.com/ValveSoftware/steam-for-linux/issues/3401)
+RUN apt-get update && \
+    apt-get -y install dnsmasq
+COPY ./dnsmasq.conf /etc/dnsmasq.conf
+RUN cp /etc/resolv.conf /etc/resolv.dnsmasq
 
 # locale-gen: Generate locales based on /etc/locale.gen file
 # update-locale: Generate config /etc/default/locale (later read by /etc/pam.d/su, /etc/pam.d/login, /etc/pam.d/polkit-1)

README.md

@@ -3,26 +3,19 @@
 ## Why?
 
 Some people asked me why would someone want to have Steam in a Docker container?
-
 Few main points which pushed me making this Docker container:
 
 1. I want to set-up more fences when running the code I don't/can't trust; [issue 3671](https://github.com/valvesoftware/steam-for-linux/issues/3671)
-
 2. I don't want to spend time on figuring out how to install Steam (what deps) in a non-Debian (or non-SteamOS) based distro;
-
 3. I like cleanliness: I can erase Steam and all its dependencies in a matter of seconds;
 
-
 And few Pros from my PoV:
 
 - I can have Steam on my Ubuntu/openSUSE/[put any other distro I will want to use] in a short time that Docker takes when downloads this Steam container;
-
 - Since Steam is meant to run in Debian (SteamOS) based distro, it is not a problem anymore, since it is in a container now.
 
-
 Suggestions / PR's are welcomed!
 
-
 ## What's tested?
 
 The following games have been tested:
@@ -30,6 +23,7 @@ The following games have been tested:
 - Half-Life: Counter-Strike 1.6
 - Counter-Strike: Global Offensive
 - Iron Snout
+- Toribash
 
 Tested in Ubuntu 16.04 LTS (64bit) and openSUSE Leap 42.1
 with the following GPU's:
@@ -38,41 +32,53 @@ with the following GPU's:
 - Intel HD Graphics 4400
 - NVIDIA's GeForce GTX 560 Ti
 
-
 ## Requirements
 
 - [Docker](https://www.docker.com/)
 - [Docker Compose](https://docs.docker.com/compose/) minimum version 1.7.3
 
-
 # Building and launching Steam
 
-## Build Steam Docker image
+## Launching Steam in Docker
 
-You may want to re-run this command later on in order to keep the image updated.
+The simplest way to launch Steam is by running:
 
-```
-docker build -t andrey01/steam .
+```sh
+git clone https://github.com/arno01/steam.git
+cd steam
+docker-compose run steam
 ```
 
+If Steam does not start, you may need to allow your user making local
+connections to X server, which can be achieved with this command on host:
 
-## Launch the Steam in Docker
-
-You may need to allow your user making local connections to X server,
-which can be achieved with this command:
-
-```
+```sh
 xhost +SI:localuser:$(id -un)
 ```
 
-You can use the following shortcut function and place it to your `~/.bash_aliases` file
+You can use the following shortcut function and place it to your `~/.bash_aliases` file:
 
-```
-function docker_helper() { { pushd ~/docker/$1; docker-compose rm -fa "$1"; docker-compose run -d --name "$1" "$@"; popd; } }
-function steam() { { docker_helper $FUNCNAME $@; } }
+```sh
+function docker_helper() {{
+    pushd ~/docker/$1
+    docker-compose rm -fa "$1"
+    docker-compose run -d --name "$1" "$@"
+    popd
+}}
+function steam() {
+    docker_helper $FUNCNAME $@
+}}
 ```
 
-Then just issue "steam" command to run Steam in docker.
+Then just use `steam` command to run Steam in docker.
+
+## Updating Steam Docker image
+
+You may want to re-run this command later on in order to keep the image updated:
+
+```sh
+docker build -t andrey01/steam .
+```
 
 ## Troubleshooting
 
@@ -84,8 +90,8 @@ The best result is when you have a similar to the following output, using the `g
 
 If you are getting `segmentation fault` error or Steam does not start, then you could try resetting its config:
 
-```
-$ docker-compose run --rm steam --reset
+```sh
+docker-compose run --rm steam --reset
 ```
 
 ## Grsecurity notes
@@ -100,9 +106,9 @@ It only needs a `/proc/sys/kernel/grsecurity/tpe_gid` accessible by root for rea
 
 ### grsec: PaX
 
-It is also working with PaX part of the grsecurity.  
-I have tested it with Half-Life games like CS 1.6, and CS:GO.  
-Please refer to the `launch` file if grsecurity is blocking some executable or a library.  
+It is also working with PaX part of the grsecurity.
+I have tested it with Half-Life games like CS 1.6, and CS:GO.
+Please refer to the `launch` file if grsecurity is blocking some executable or a library.
 
 
 # Links

dnsmasq.conf

@@ -0,0 +1,42 @@
+#
+# Configuration file for dnsmasq acting as a caching nameserver.
+#
+# Format is one option per line, legal options are the same
+# as the long options legal on the command line. See
+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
+#
+# Updated versions of this configuration file may be available at:
+#
+#   http://www.g-loaded.eu/2010/09/18/caching-nameserver-using-dnsmasq/
+#
+
+#
+# Basic server configuration
+#
+
+listen-address=0.0.0.0
+port=53
+bind-interfaces
+user=root
+pid-file=/var/run/dnsmasq.pid
+
+#
+# Logging
+#
+
+#log-facility=/var/log/dnsmasq.log
+#log-queries
+
+#
+# Name resolution options
+#
+
+domain-needed
+bogus-priv
+no-hosts
+dns-forward-max=150
+cache-size=1000
+#no-negcache
+neg-ttl=3600
+resolv-file=/etc/resolv.dnsmasq
+no-poll

docker-compose.yml

@@ -30,6 +30,7 @@ services:
       - /usr/X11R6/lib64:/h11_64:ro
       - /usr/lib:/h12_32:ro
       - /usr/lib64:/h13_64:ro
+    dns: steam # a DNS cache is needed to avoid upstream bug https://github.com/ValveSoftware/steam-for-linux/issues/3401
     devices:
       - /dev/nvidia0
       - /dev/nvidiactl

launch

@@ -5,6 +5,8 @@
 #
 exec 2>&1
 
+service dnsmasq start
+
 #
 # Befriend with grsecurity patched Linux kernel
 #