On 3/20/06, rauschenimweltnetz(a)web.de <rauschenimweltnetz(a)web.de> wrote:
I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
I don't know how much of wine's source would need to be changed to disallow all network commands, but I know that this kind of thing is possible using iptables (particularly with the owner extension). If you create a new user id (which will be the one you use to start the application, using su or sudo), something like 'nonet', then run the following: iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with imcp-net-unreachable or something like that (I haven't tested it), it will block the 'nonet' user and any applications started as it from sending network packets. HTH, n0dalus.