• Chewy@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    9 months ago

    No, the Linux filesystem is usually mounted as Z: in wine. Sandboxing through e.g. flatpak/bubblewrap with permissions set to only allow access to ~/Games should protect from many viruses.

        • Pantherina@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          9 months ago

          Wine does not sandbox in any way at all. When run under Wine, a Windows app can do anything your user can. Wine does not (and cannot) stop a Windows app directly making native syscalls, messing with your files, altering your startup scripts, or doing other nasty things.

          You need to use AppArmor, SELinux or some type of virtual machine if you want to properly sandbox Windows apps.

          Note that the winetricks sandbox verb merely removes the desktop integration and Z: drive symlinks and is not a true sandbox. It protects against errors rather than malice. It’s useful for, e.g., keeping games from saving their settings in random subdirectories of your home directory.

          So yes, Bottles Flatpak for the win!