I was wondering if anyone has experience with using Tomoyo to sandbox Wine applications.
Have you tried it? Are there problems? Any suggestions?
I usually start each application in its own directory (WINEPREFIX) after using wine sandbox, but it is still not real protection, is it?
Tomoyo homepage:
http://tomoyo.sourceforge.jp/
Edit: sorry, please move this thread to the Linux subsection.
Tomoyo for sandboxing wine applications
Re: Tomoyo for sandboxing wine applications
etwineb
http://wiki.winehq.org/SecuringWine this does need to be expanded on. If you do get Tomoyo to work please do update the SecuringWine page.
http://zerowine.sourceforge.net/ This is a special sub form for reversing malware. Yes, there is the possibility of malware designed to detect and breach wine. Yes, it is possible for an application running in wine that knows it is running in wine to detect that z: is missing and restore it. This is one of the big security issues depending on wine. Whatever setting you can set, the application running in wine can set it as well. There is no user separation in wine itself.
I am going to say: what sandbox? Wine does not have a sandbox in any major sense of the word. Wine creates a stack load of virtual constructs, but that is just window dressing. It does not stop an application from doing bad things to the system unless the application believes the virtual constructs.
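The point made in the reply above (drive letters are symlinks that the application's own user can put back), as an added example that is not part of the original thread: a shell audit of a prefix's dosdevices directory. The function names and the sample prefix are constructed for illustration.

```shell
#!/bin/sh
# Audit a Wine prefix: which drive letters reach outside the prefix, and can
# the user Wine runs as rewrite the mappings (symlinks in dosdevices/)?

audit_wineprefix() {
    prefix=$1
    dosdev="$prefix/dosdevices"
    [ -d "$dosdev" ] || { echo "no dosdevices directory in $prefix" >&2; return 2; }
    prefix_real=$(cd "$prefix" && pwd -P) || return 2
    findings=0
    for link in "$dosdev"/*; do
        [ -L "$link" ] || continue
        name=${link##*/}
        # Follow the symlink; non-directory targets (devices) are only reported.
        target=$(cd "$link" 2>/dev/null && pwd -P) || { echo "UNRESOLVED $name"; continue; }
        case "$target/" in
            "$prefix_real"/*) echo "INSIDE   $name -> $target" ;;
            *) echo "OUTSIDE  $name -> $target"; findings=$((findings + 1)) ;;
        esac
    done
    # Removing z: is only cosmetic if the same user can put it back.
    if [ -w "$dosdev" ]; then
        echo "WRITABLE $dosdev"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample prefix (not a real Wine install): c: inside, z: -> /
make_sample_prefix() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/drive_c" "$d/dosdevices"
    ln -s ../drive_c "$d/dosdevices/c:"
    ln -s / "$d/dosdevices/z:"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    audit_wineprefix "$1"
    exit $?
fi
```

Run it with the prefix path as the only argument; a nonzero exit status means at least one drive resolves outside the prefix or the mappings are writable by the current user.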
Re: Tomoyo for sandboxing wine applications
Tomoyo looks like a good native sandbox.
It would be interesting to see Wine running in it.
I haven't tried it, don't know what configuration would be needed.