There are issues with running Steam for Linux on a system with SELinux enabled. It is possible that WebKit is partially to blame. The issue I've come across (https://github.com/ValveSoftware/steam-for-linux/issues/88) gives the following diagnostic information (with uninteresting data pruned for brevity):

type=AVC msg=audit(...): avc: denied { execheap } for pid=4329 comm="MainThrd" ...
type=SYSCALL msg=audit(...): arch=40000003 syscall=125 success=no exit=-13 a0=e9ac000 a1=c000 a2=7 a3=fff5bfcc ...

From this, one can derive that the violation is changing the memory protection (syscall=125 means mprotect), of a 48 kilobyte buffer to be both writable and executable (a2=7 means PROT_READ | PROT_WRITE | PROT_EXEC). I guess this is due to some JIT compilation going on in Steam (barring attackers, why else would anyone enable execution?), which would be due to WebKit (as suggested by the developer). As far as I know, you don't need memory to be both writable and executable for JIT compilation.

This issue looks like evidence of something bad happening in WebKit's JavaScript interpreter:

1) For one, memory should never be both writable and executable. On Windows, this would be a violation under DEP.
2) It's apparently a bad idea to use heap memory for this (according to Ulrich Drepper, at least: http://www.akkadia.org/drepper/selinux-mem.html).

(This issue seems similar to #35154, but 1) that issue lacked enough logging information to confirm, and 2) the missing permission there was execmem, rather than execheap.)
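The hand decoding in the report above, as an added example that is not part of the original thread or of WebKit's code: it parses the two audit records quoted there (copied as-is, elisions included) and decodes the i386 mprotect arguments. The function names and the one-entry syscall table are assumptions made for this illustration.

```python
import errno
import re

# Records as quoted in the report, elisions ("...") left in place.
AVC_LINE = 'type=AVC msg=audit(...): avc: denied { execheap } for pid=4329 comm="MainThrd" ...'
SYSCALL_LINE = ('type=SYSCALL msg=audit(...): arch=40000003 syscall=125 success=no '
                'exit=-13 a0=e9ac000 a1=c000 a2=7 a3=fff5bfcc ...')

AUDIT_ARCH_I386 = 0x40000003            # EM_386 | __AUDIT_ARCH_LE
# Assumption: only the (arch, syscall) pair from the report is mapped.
SYSCALLS = {(AUDIT_ARCH_I386, 125): "mprotect"}
PROT_FLAGS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}


def parse_fields(record):
    """Return the key=value pairs of one audit record as a dict of strings."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))


def denied_perms(record):
    """Return the SELinux permissions named in an AVC denial, else []."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', record)
    return m.group(1).split() if m else []


def decode_mprotect(record):
    """Decode a SYSCALL record for mprotect; None for anything else."""
    f = parse_fields(record)
    if f.get("type") != "SYSCALL":
        return None
    key = (int(f["arch"], 16), int(f["syscall"]))
    if SYSCALLS.get(key) != "mprotect":
        return None
    # a0..a2 are logged in hex: address, length, protection bits.
    addr, length, prot = (int(f[k], 16) for k in ("a0", "a1", "a2"))
    flags = [name for bit, name in PROT_FLAGS.items() if prot & bit]
    exit_code = int(f["exit"])
    return {
        "addr": addr,
        "length": length,
        "prot": flags,
        "writable_and_executable": bool(prot & 0x2 and prot & 0x4),
        "error": errno.errorcode.get(-exit_code) if exit_code < 0 else None,
    }


if __name__ == "__main__":
    print(denied_perms(AVC_LINE), decode_mprotect(SYSCALL_LINE))
```
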
By default the JIT will make use of RWX memory, so if you want to run on a system that doesn't allow WX you need to configure your platform to enable the ENABLE_ASSEMBLER_WX_EXCLUSIVE setting. I'm not sure how well tested this code path is in ToT, but the code is all still there – if you run into any issues please file bugs with specific backtraces.
(In reply to comment #1)
> By default the JIT will make use of RWX memory, so if you want to run on a system that doesn't allow WX you need to configure your platform to enable the ENABLE_ASSEMBLER_WX_EXCLUSIVE setting. I'm not sure how well tested this code path is in ToT, but the code is all still there – if you run into any issues please file bugs with specific backtraces.

WX_XCLUSIVE is currently totally hosed :(
*** This bug has been marked as a duplicate of bug 76413 ***