Hi,
I am executing an wine program but it has access to the root folder of the host.
How can I remove this access ? I have already checked that .wine/dosdevices/ links are not pointing to the root folder.
Regards
Wine 2.0.2 remove access to root folder
Re: Wine 2.0.2 remove access to root folder
Did you remove the links in dosdevices by hand or in winecfg?
<Edit>
never mind, the root folder is still accessible after I removed the Z drive in winecfg
</Edit>
<Edit>
never mind, the root folder is still accessible after I removed the Z drive in winecfg
</Edit>
Re: Wine 2.0.2 remove access to root folder
Does winetricks sandbox option do what you want?
Re: Wine 2.0.2 remove access to root folder
Removing the z: symlink removes the ability to read or write files outside the wineprefix, however, the directories and files will still be visible in Wine explorer and winefile. There is no way to prevent that.
- SquareAperture
- Level 2
- Posts: 28
- Joined: Sat Sep 02, 2017 12:30 am
Re: Wine 2.0.2 remove access to root folder
Hi. Technically this isn't wine, but I want to help
It would probably help if you told us why this matters. If your user account has access, then something running as you will have that access, regardless if it's vi or wine... and just because your app can see the root directory, doesn't mean you can access or change something your user account doesn't have rights for.
If you truly need something to not see something else, no amount of sandboxing or chroot'ing will help you. That's not how computers work. If you need access to something to make the app (or the OS itself) function, you can't then turn around and block it from access.
If it's a safety thing, like you're playing around with viruses and wanting to see how they work in a live environment, get a separate PC and run them there, where you can wipe the usb stick or HDD when you're done and re-image from a backup.
Container virtualization is considered a secure way to do it. Are you familiar with lxc? The idea is, it's a bit more isolated than a chroot, but not the overhead of running a full separate guest OS. Lots of companies do it this way. (there's a Capitalist product Docker that many sysadmins love, that has a community edition since it was initially open source.)
Of course you can just install said app in a guest windows image, or a guest linux running wine image, for your hypervisor of choice. ie. there's plenty of tools to copy your system into an image to virtualize, ex: virt-p2v-make-disk.
Again, if you share why seeing the root fs is bad, we could answer more accurately. This is the best I can do without details.
Good luck!
It would probably help if you told us why this matters. If your user account has access, then something running as you will have that access, regardless if it's vi or wine... and just because your app can see the root directory, doesn't mean you can access or change something your user account doesn't have rights for.
If you truly need something to not see something else, no amount of sandboxing or chroot'ing will help you. That's not how computers work. If you need access to something to make the app (or the OS itself) function, you can't then turn around and block it from access.
If it's a safety thing, like you're playing around with viruses and wanting to see how they work in a live environment, get a separate PC and run them there, where you can wipe the usb stick or HDD when you're done and re-image from a backup.
Container virtualization is considered a secure way to do it. Are you familiar with lxc? The idea is, it's a bit more isolated than a chroot, but not the overhead of running a full separate guest OS. Lots of companies do it this way. (there's a Capitalist product Docker that many sysadmins love, that has a community edition since it was initially open source.)
Of course you can just install said app in a guest windows image, or a guest linux running wine image, for your hypervisor of choice. ie. there's plenty of tools to copy your system into an image to virtualize, ex: virt-p2v-make-disk.
Again, if you share why seeing the root fs is bad, we could answer more accurately. This is the best I can do without details.
Good luck!