I hope WINEPREFIX is thick enough for a condom.
Now say it with me, WINE IS MALWARE COMPATIBLE
Run wine with sudo. Yolo
Not if I don’t give it access to my Linux files
Not exactly true, but for simple malware, yeah.
I think Wine maps at least your home directory into the prefix, so your data would be in danger.
Yup, home (or was it root actually?) is commonly mapped to the Z: drive, and it’s writeable too. Wine isn’t meant to be a security layer.
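The drive mapping discussed in the comments above can be checked on disk. The script below is an added example, not something posted in the thread: it lists symlinks in a Wine prefix that resolve outside the prefix, assuming the usual `dosdevices/` and `drive_c/users/` layout. The function names and the sample prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report symlinks in a Wine prefix that
# resolve outside it, e.g. dosdevices/z: -> / or user folders linked into $HOME.

# audit_prefix PREFIX
# Prints "link -> target" per escaping symlink. Returns 0 if none, 1 if any,
# 2 if PREFIX is not a directory.
audit_prefix() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    escapes=$(
        find "$prefix/dosdevices" "$prefix/drive_c/users" -type l 2>/dev/null |
        while IFS= read -r link; do
            target=$(readlink -f -- "$link") || continue   # skip unresolvable links
            case "$target/" in
                "$prefix"/*) ;;   # resolves inside the prefix: fine
                *) printf '%s -> %s\n' "${link#"$prefix"/}" "$target" ;;
            esac
        done
    )
    [ -z "$escapes" ] && return 0
    printf '%s\n' "$escapes"
    return 1
}

# make_sample_prefix DIR OUTSIDE
# Constructed test data: a fake prefix laid out like a default one, with
# OUTSIDE standing in for the real home directory (an assumption of this demo).
make_sample_prefix() {
    mkdir -p "$1/dosdevices" "$1/drive_c/users/player" "$2/Documents"
    ln -s ../drive_c "$1/dosdevices/c:"
    ln -s / "$1/dosdevices/z:"
    ln -s "$2/Documents" "$1/drive_c/users/player/Documents"
}

# Demo on constructed data only; nothing outside the temp directory is touched.
demo=$(mktemp -d)
make_sample_prefix "$demo/prefix" "$demo/home"
audit_prefix "$demo/prefix" || true
rm -rf "$demo"
```

To audit a real prefix, call `audit_prefix "$WINEPREFIX"`. A link that escapes the prefix only exposes what the surrounding sandbox (firejail, bubblewrap) still lets the process see.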
Wine, in Bottles, in Flatpak. Worst IKEA experience I’ve had.
Is that some kind of newfangled Swedish fetish?
There’s a Bubblewrap wrapper for wine: https://github.com/hartwork/sandwine
Windows applications can still access the Linux functionality when running under Wine, though of course that has to have been purposefully coded in.
However, you can run Wine itself inside something like firejail to properly sandbox the whole thing - I have Lutris on my Linux gaming machine configured to do just that for all games by default (my firejail config even blocks networking).
How do you configure that by default?
There is a launch configuration option under each game (under System Options tabs, if I’m not mistaken) called “command prefix” where you can put the firejail stuff (so if you put just “firejail -someoption” there, your game gets launched with, for example, “firejail -someoption wine …”) or whatever other sandboxing command you want to use (such as bubblewrap).
In the main Lutris options, there’s a section with the default values for all those launch options for games, so if you put it in the “command prefix” there, all games get launched with that command prefix unless you override it in that game’s launch options (so, for example, if you’re blocking networking for all games but want to run a game for multiplayer over the net, you override the sandboxing wrapper options in that game’s launch options specifically, which won’t affect any other game).