access restrictions / sandbox

Ioannis Nousias s0238762 at sms.ed.ac.uk
Thu Jul 5 11:18:24 CDT 2007


ok, so there isn't a wine specific way to do that. A separate 'wine' 
user is indeed a simple solution to avoid messing with my normal 
user-account files, but I still need to prevent it from accessing 
certain resources. Time to learn SELinux I guess :)

thanks


Marcus Meissner wrote:
> On Thu, Jul 05, 2007 at 03:03:27PM +0100, Ioannis Nousias wrote:
>   
>> Hello wine developers,
>>
>> I'm running Wine on Linux. Is there a way to restrict wine from 
>> accessing some folders and/or resources? Ideally have Wine restraint in 
>> its WINEPREFIX directory and configure what resources it could access 
>> (like network for instance).
>>
>> I've seen few talks on having a 'sandbox' that date back to 2002 and 
>> most conclusions suggest that access restrictions should be made on the 
>> host OS. If that's the case, any tips on how one could do that in Linux 
>> would be appreciated.
>>     
>
> AppArmor, SELinux.
>
> Or use a seperate "Wine" user and use ssh -X wineuser at localhost
> (but this one could break out of it too).
>
> Ciao, Marcus
>
>   




More information about the wine-devel mailing list