On Sat, Oct 24, 2009 at 10:47 PM, Nicholas LaRoche <[email protected]> wrote: > A few months ago there was a topic in wine-devel on the same subject. A > toggle switch for portions of the wine API (i.e. networking), WINEPREFIX, > and SELinux seems to make this a non-issue. > > The default wine SELinux configuration for Fedora 11 denies quite a bit of > behavior. (Try compiling and using HEAD without setting the security context > or entering permissive mode and you'll see what I mean). > > Does this even need to be handled at the wine level to prevent system-wide > corruption? It seems like other security technologies already provide this > protection.
We may want to lend a hand. For instance, I could imagine the system needing some help to figure out how to allow certain windows apps access to the network, and deny it to others. And I think sandboxing a la chromium might end up being a useful technique that would require some work on wine's part to work well. - Dan
