• Pantherina@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    9 months ago

    Are Wine apps ran isolated? Because we basically have no viruses on Linux, but I imagine running random of course legally obtained games may be very risky

    • Chewy@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      9 months ago

      No, the Linux filesystem is usually mounted as Z: in wine. Sandboxing through e.g. flatpak/bubblewrap with permissions set to only allow access to ~/Games should protect from many viruses.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            9 months ago

            Wine does not sandbox in any way at all. When run under Wine, a Windows app can do anything your user can. Wine does not (and cannot) stop a Windows app directly making native syscalls, messing with your files, altering your startup scripts, or doing other nasty things.

            You need to use AppArmor, SELinux or some type of virtual machine if you want to properly sandbox Windows apps.

            Note that the winetricks sandbox verb merely removes the desktop integration and Z: drive symlinks and is not a true sandbox. It protects against errors rather than malice. It’s useful for, e.g., keeping games from saving their settings in random subdirectories of your home directory.

            So yes, Bottles Flatpak for the win!