Wine 2.0.2 remove access to root folder

Questions about Wine on Linux
Locked
tk421
Level 2
Level 2
Posts: 30
Joined: Wed Aug 09, 2017 7:19 am

Wine 2.0.2 remove access to root folder

Post by tk421 »

Hi,

I am executing an wine program but it has access to the root folder of the host.

How can I remove this access ? I have already checked that .wine/dosdevices/ links are not pointing to the root folder.

Regards
jkfloris
Level 12
Level 12
Posts: 3136
Joined: Thu Aug 14, 2014 10:10 am

Re: Wine 2.0.2 remove access to root folder

Post by jkfloris »

Did you remove the links in dosdevices by hand or in winecfg?

<Edit>
never mind, the root folder is still accessible after I removed the Z drive in winecfg
</Edit>
jkfloris
Level 12
Level 12
Posts: 3136
Joined: Thu Aug 14, 2014 10:10 am

Re: Wine 2.0.2 remove access to root folder

Post by jkfloris »

Does winetricks sandbox option do what you want?
User avatar
dimesio
Moderator
Moderator
Posts: 13201
Joined: Tue Mar 25, 2008 10:30 pm

Re: Wine 2.0.2 remove access to root folder

Post by dimesio »

Removing the z: symlink removes the ability to read or write files outside the wineprefix, however, the directories and files will still be visible in Wine explorer and winefile. There is no way to prevent that.
User avatar
SquareAperture
Level 2
Level 2
Posts: 28
Joined: Sat Sep 02, 2017 12:30 am

Re: Wine 2.0.2 remove access to root folder

Post by SquareAperture »

Hi. Technically this isn't wine, but I want to help :-)

It would probably help if you told us why this matters. If your user account has access, then something running as you will have that access, regardless if it's vi or wine... and just because your app can see the root directory, doesn't mean you can access or change something your user account doesn't have rights for.

If you truly need something to not see something else, no amount of sandboxing or chroot'ing will help you. That's not how computers work. If you need access to something to make the app (or the OS itself) function, you can't then turn around and block it from access.

If it's a safety thing, like you're playing around with viruses and wanting to see how they work in a live environment, get a separate PC and run them there, where you can wipe the usb stick or HDD when you're done and re-image from a backup.

Container virtualization is considered a secure way to do it. Are you familiar with lxc? The idea is, it's a bit more isolated than a chroot, but not the overhead of running a full separate guest OS. Lots of companies do it this way. (there's a Capitalist product Docker that many sysadmins love, that has a community edition since it was initially open source.)

Of course you can just install said app in a guest windows image, or a guest linux running wine image, for your hypervisor of choice. ie. there's plenty of tools to copy your system into an image to virtualize, ex: virt-p2v-make-disk.

Again, if you share why seeing the root fs is bad, we could answer more accurately. This is the best I can do without details.

Good luck!
Locked