access restrictions / sandbox
Stefan Dösinger
stefan at codeweavers.com
Thu Jul 5 10:38:39 CDT 2007
Am Donnerstag, 5. Juli 2007 16:03 schrieb Ioannis Nousias:
> Hello wine developers,
>
> I'm running Wine on Linux. Is there a way to restrict wine from
> accessing some folders and/or resources? Ideally have Wine restraint in
> its WINEPREFIX directory and configure what resources it could access
> (like network for instance).
Wine isn't a sandbox, and can't be used as one. The Windows App's code runs
like any Linux native code, and thus it can call any Linux command. Most
importantly, it can use Linux syscalls via int 0x80. So any security
limitations imposed by Wine can be bypassed. You have to use things like
chroot or a different user to restrict the Windows app.
More information about the wine-devel
mailing list