• Max-P@lemmy.max-p.me
          link
          fedilink
          arrow-up
          9
          ·
          1 year ago

          It’s not a sandbox, even though it somewhat acts like one.

          There’s not a whole lot preventing a Windows exe from containing Linux code and executing it and effectively “breaking out” of the “sandbox”. Wine presents a Windows compatible view of the system but there isn’t anything really locking it down/preventing the executable from calling the Linux functions instead. It mostly just converts between the PE and ELF binary formats and provides the Windows libraries and interfaces.

          So, it has a slight sandboxing effect but it’s essentially security through obscurity and Windows programs generally not expecting to have a whole Linux environment available.

          A real sandbox enforces restrictions and makes it so you have to exploit the sandbox to break out of it. A good chunk of Wine is just Windows DLLs built with Linux awareness to do the plumbing, there’s no clear solid separation of both worlds.

  • mranderson17@infosec.pub
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    Bottles (https://usebottles.com/) is what you’re looking for, sandboxing is one of it’s primary features. It can use lutris prefixes too if you need them.

    EDIT: It’s only sandboxed if you use the flatpak, just FYI.

      • mranderson17@infosec.pub
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Probably? Honestly I just read the sections of the docs that were relevant to what I needed and clicked buttons until things worked. Tutorials are dangerous because the moment they are published they are out of date, unless the author goes back and updates it regularly which is pretty rare, or impossible if it’s something like a youtube video.

        Anyway it’s a GUI application with lots of tool tips and all that, it’s not difficult to use.