Charles Davis wrote:
1) Make Wine use App Sandbox on Mac OS X. At the very least, I would like to be able to limit Wine's file-system activity to the prefix. I'm not familiar with Mac OS X' particular security features, but I wonder why limiting FS activity needs changes in wine? With AppArmor or the like on Linux, you'd define a set of rules living outside of the app.
Limiting to the prefix won't work, because /dev/tty and /tmp/X11.socket etc. need be used. All my apps are installed in a directory outside any .wine prefix. There's a symlink from within C:\Programs. How would you take that into account? BTW, I once defined a set of iptable rules to prevent networking for Wine (or was it for a whole user?) based on the consideration that the apps I use have nothing to do with networking. Here too, nothing need be changed in Wine. Regards, Jörg Höhle