My current setup is halfway between insanely secure and functionally useless, so take this with a grain of salt:
SELinux on a Debian LTS host, VM to something similarly secure (I use Arch to try and get the Debian LTS stability + Arch's quick patches, but I might be wrong), hosting, as a new user per app, a Wine podman container using x11docker's xpra2-xwayland option, and GPU passthrough through it all.
This gives pretty fine-grained control over each individual feature your app is allowed to run, and numerous layers in case, like, 3 of them all concurrently have security flaws.
Eventually I want to look into the feasibility of sliding gVisor into the podman layer, but I figured I should probably make sure I spend some time actually playing games lol