access restrictions / sandbox
s0238762 at sms.ed.ac.uk
Thu Jul 5 11:18:24 CDT 2007
ok, so there isn't a wine specific way to do that. A separate 'wine'
user is indeed a simple solution to avoid messing with my normal
user-account files, but I still need to prevent it from accessing
certain resources. Time to learn SELinux I guess :)
Marcus Meissner wrote:
> On Thu, Jul 05, 2007 at 03:03:27PM +0100, Ioannis Nousias wrote:
>> Hello wine developers,
>> I'm running Wine on Linux. Is there a way to restrict wine from
>> accessing some folders and/or resources? Ideally have Wine restraint in
>> its WINEPREFIX directory and configure what resources it could access
>> (like network for instance).
>> I've seen few talks on having a 'sandbox' that date back to 2002 and
>> most conclusions suggest that access restrictions should be made on the
>> host OS. If that's the case, any tips on how one could do that in Linux
>> would be appreciated.
> AppArmor, SELinux.
> Or use a seperate "Wine" user and use ssh -X wineuser at localhost
> (but this one could break out of it too).
> Ciao, Marcus
More information about the wine-devel