Personally I wouldn't trust chroot alone. There were some privilege escalation bugs available in the past from "forgot to sandbox the cwd" [1] to more sophisticated exploits via "nsswitch in docker" [2].
But, of course, given the amount of bugs I'd say that chroot is as secure as it can get. But always take everything with a grain of salt, chroot developers also make mistakes, like everyone.
The problem with chroot is not chroot itself, but all the libraries linked in the binaries. And if I know any statement to be true, it's that game developers on Steam don't give a damn about correctly linking anything. I mean, they even don't get 64bit right. And we have 64bit architecture mainstream since 2005 or so...
Personally I wouldn't trust chroot alone. There were some privilege escalation bugs available in the past from "forgot to sandbox the cwd" [1] to more sophisticated exploits via "nsswitch in docker" [2].
But, of course, given the amount of bugs I'd say that chroot is as secure as it can get. But always take everything with a grain of salt, chroot developers also make mistakes, like everyone.
The problem with chroot is not chroot itself, but all the libraries linked in the binaries. And if I know any statement to be true, it's that game developers on Steam don't give a damn about correctly linking anything. I mean, they even don't get 64bit right. And we have 64bit architecture mainstream since 2005 or so...
[1] https://github.com/aykit/chroot-privilege-escalation
[2] https://nvd.nist.gov/vuln/detail/CVE-2019-14271