Set (Sandbox) Game Folders via Terminal

Open forum for end-user questions about Wine. Before asking questions, check out the Wiki as a first step.
Forum Rules
Locked
User avatar
malonn
Level 2
Level 2
Posts: 27
Joined: Tue Oct 05, 2021 12:10 pm

Set (Sandbox) Game Folders via Terminal

Post by malonn »

Is there a way to sandbox the prefix/game user folders via the terminal? What I mean is, under "winecfg" > "Desktop Integration" > "Folders", Wine defaults to linking to OS folders, and you can switch them so it doesn't link to these folders and use a pure sandbox environment. Can this be done via Bash? Lutris does it, and it is enabled by default. They must do it some way. I wonder if it's via a terminal command? So, it can be done, but how?
jkfloris
Level 12
Level 12
Posts: 3136
Joined: Thu Aug 14, 2014 10:10 am

Re: Set (Sandbox) Game Folders via Terminal

Post by jkfloris »

An easy way to do this is to use winetricks.

Code: Select all

wineticks isolate_home
# Or, if you also want to remove the Z: drive link
winetricks sandbox
[code]
Keep in mind that programs can still access your file system.
User avatar
malonn
Level 2
Level 2
Posts: 27
Joined: Tue Oct 05, 2021 12:10 pm

Re: Set (Sandbox) Game Folders via Terminal

Post by malonn »

Thanks, dude. I'll have to look at the winetricks source to see how it's done. Recreate it in Python.
User avatar
malonn
Level 2
Level 2
Posts: 27
Joined: Tue Oct 05, 2021 12:10 pm

Re: Set (Sandbox) Game Folders via Terminal

Post by malonn »

I suck as Bash scripting. Anyone familiar with it able to determine how winetricks does this? I know it's not a simple commandline switch. Lutris also does it. I'm perusing the code, but no success in figuring out exactly how they do it. Figuring out other people's code is a PITA.
Searching the net briefly just says to use old versions of winetricks. I don't want to do that. I want to know how winetricks does it and recreate it in Python.
User avatar
malonn
Level 2
Level 2
Posts: 27
Joined: Tue Oct 05, 2021 12:10 pm

Re: Set (Sandbox) Game Folders via Terminal

Post by malonn »

Nevermind. Rubberduck debugging has struck me again. For anyone interested, what struck my wee little brain is that the said prefix directories are symlinks. It seems you just delink them, and voila. That should work.
ChrysoliteAzalea
Level 1
Level 1
Posts: 6
Joined: Fri Nov 18, 2022 2:09 am

Re: Set (Sandbox) Game Folders via Terminal

Post by ChrysoliteAzalea »

If you use GNU/Linux, you can either use sandboxing software such as Firejail or Bubblewrap to run Wine in a separate namespace, as well as mandatory access control such as SELinux or AppArmor, and self-restriction such as seccomp and Landlock. This is the Firejail repository: https://github.com/netblue30/firejail/

Firejail is a complex solution that utilizes various security features in the Linux kernel to restrict application permissions. It also supports using a specified AppArmor profile transition and seccomp (system call access self-restriction) in order to prevent sandbox escape.

Please, keep in mind that X11 system may not be secure enough. You can use a Wayland composer or a dedicated X11 server in order to run Wine.
User avatar
malonn
Level 2
Level 2
Posts: 27
Joined: Tue Oct 05, 2021 12:10 pm

Re: Set (Sandbox) Game Folders via Terminal

Post by malonn »

Good to keep in mind. Is it error prone? I mean do games break sometimes when using any of the software mentioned?
Locked