disallow networking flag

Willie Sippel willie at zeitgeistmedia.net
Mon Mar 20 19:37:51 CST 2006


On Monday, 20 March 2006 12:55, n0dalus wrote:
> On 3/20/06, rauschenimweltnetz at web.de <rauschenimweltnetz at web.de> wrote:
> > I think it would be very useful to disallow an application started with
> > wine to connect to the network/internet by an options flag.
> >
> > Unless somebody would help me to find out what I have to change... So I
> > would try it by myself. But in consideration of the fact that I need this
> > feature as soon as possible I would better like to just watch and
> > learn... ;)
>
> I don't know how much of wine's source would need to be changed to
> disallow all network commands, but I know that this kind of thing is
> possible using iptables (particularly with the owner extension).
>
> If you create a new user id (which will be the one you use to start
> the application, using su or sudo), something like 'nonet', then run
> the following:
>
> iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with icmp-net-unreachable
>
> or something like that (I haven't tested it), it will block the
> 'nonet' user and any applications started as it from sending network
> packets.
>
I think what Rauschi suggested was a per-application setting to disable 
network access. A checkbox in winecfg or something. I think iptables won't 
help there, but I think such a setting could be helpful - preventing 
applications from calling home and such...?

-- 
Willie Sippel

  ////////  |  Tritium Studios
 //         |  ______________________________
//// ///    |  http://www.tritium-studios.com

<willie at froq.net>
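
The per-user block quoted in this message, written out as an added example that is not part of the original thread or of Wine. It assumes the 'nonet' account name from the quoted reply and goes beyond the quoted command by adding a matching ip6tables rule, since an IPv4-only rule leaves IPv6 egress open; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-user egress block using the iptables owner match.
# Assumption: the account (e.g. 'nonet') already exists; applying needs root.

# Print the rule commands for one account. Nothing is executed here.
nonet_rules() {
    user=$1
    # Accept plain account names only, so the value cannot smuggle
    # extra options or shell syntax into the generated commands.
    case $user in
        ''|-*|*[!A-Za-z0-9_-]*) echo "invalid user: $user" >&2; return 2 ;;
    esac
    # One rule per address family, each with that family's ICMP reject type.
    for spec in "iptables icmp-net-unreachable" "ip6tables icmp6-adm-prohibited"; do
        set -- $spec
        rule="OUTPUT -m owner --uid-owner $user -j REJECT --reject-with $2"
        # -C checks for an existing rule, so re-running does not stack duplicates.
        echo "$1 -C $rule 2>/dev/null || $1 -I $rule"
    done
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
nonet_apply() {
    rules=$(nonet_rules "$1") || return
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}
```

`nonet_apply nonet` prints the commands for review and `APPLY=1 nonet_apply nonet` as root installs them; the program is then started under that account with su or sudo, as the quoted reply describes. The rules cover every process owned by that account, which is why this is a per-user rather than a per-application control.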


