SoC 2012 Ideas
Joerg-Cyril.Hoehle at t-systems.com
Joerg-Cyril.Hoehle at t-systems.com
Thu Mar 29 04:01:45 CDT 2012
Charles Davis wrote:
>1) Make Wine use App Sandbox on Mac OS X.
>At the very least, I would like to be able to limit Wine's file-system activity to the prefix.
I'm not familiar with Mac OS X' particular security features, but I wonder
why limiting FS activity needs changes in wine?
With AppArmor or the like on Linux, you'd define a set of rules living outside of the app.
Limiting to the prefix won't work, because /dev/tty and /tmp/X11.socket etc. need be used.
All my apps are installed in a directory outside any .wine prefix. There's a symlink
from within C:\Programs. How would you take that into account?
BTW, I once defined a set of iptable rules to prevent networking for Wine (or was it for a whole user?)
based on the consideration that the apps I use have nothing to do with networking.
Here too, nothing need be changed in Wine.
Regards,
Jörg Höhle
More information about the wine-devel
mailing list