On 19/03/15 02:14, Michael Siepmann wrote: > Thanks. Your thoughts led me to the idea of trying Wine in a > virtualized instance of GNU/Linux, so any Windows applications would be > sandboxed and not have access to my physical computer. (I see at > http://wiki.winehq.org/FAQ#head-f566a12c806a1eacaeefb7cb6419a513a773c571 > that there are also other ways to achieve sandboxing, with which I'm not > yet familiar: AppArmor, SELinux).
You could maybe create a separate user account which to sudo -u wineaccount wine winapp.exe into. That will provide some basic separation, preventing Wine from accessing your actual home directory. You could also combine that with SELinux or Apparmor if you wanted to. You could kick security up a notch with a chroots (perhaps managed via schroot). While chroot isn't exactly a security tool, you're not running privileged code so it should help. And if you still have doubts, you could even look to Docker. http://fabiorehm.com/blog/2014/09/11/running-gui-apps-with-docker/ All of these should be much faster than a virtual machine, however I imagine Docker would pretty much restrict you to basic 2D apps if using the method described in the link.
signature.asc
Description: OpenPGP digital signature
