https://bugs.winehq.org/show_bug.cgi?id=52230
Bug ID: 52230
Summary: Container programs can access Linux files
Product: Wine
Version: 6.23
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: mahg361@gmail.com
Distribution: ---
Created attachment 71326 --> https://bugs.winehq.org/attachment.cgi?id=71326 Screenshot
Windows programs can access files outside container
Nikolay Sivov bunglehead@gmail.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Severity |major   |normal

--- Comment #1 from Nikolay Sivov bunglehead@gmail.com ---
Wine does not provide container functionality.
mahg361@gmail.com changed:
What    |Removed                                   |Added
----------------------------------------------------------------------------
Summary |Container programs can access Linux files |Windows programs can access Linux files
--- Comment #2 from mahg361@gmail.com ---
Thanks
By container I mean wine
mahg361@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Version |6.23    |7.0-rc1
--- Comment #3 from Henri Verbeet hverbeet@gmail.com ---
(In reply to mahg361 from comment #2)
> Thanks
> By container I mean wine
Yes, but this is intentional. Most of the time we want Windows applications to be able to interact with the rest of the Linux system. Wine itself makes no attempt to limit this. If restricting this ability is desired, tools like AppArmor, seccomp filters, SELinux, or perhaps simply running Wine inside a virtual machine like QEMU, would be better suited. There exist tools built on top of those, like e.g. Firejail that should work with Wine.
I hope that helps.
--- Comment #4 from destroyed nerd mahg361@gmail.com ---
First, thank you for the guidance, it is helpful.
1- If you mean access to the documents folder for programs like Photoshop, Office, then limit access to the documents, Photos folders; access to e.g. the Firefox passwords folder is unnecessary.
2- If you mean Windows programs that make system-level changes, how can accessing Linux files directly help such programs? These programs would do it through c:/windows libraries.
Fabian Maurer dark.shadow4@web.de changed:
What       |Removed     |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED |RESOLVED
CC         |            |dark.shadow4@web.de
Resolution |---         |INVALID

--- Comment #5 from Fabian Maurer dark.shadow4@web.de ---
As already said, programs running under Wine can access everything your user can access. This is intentional; there is no bug here.
Zebediah Figura z.figura12@gmail.com changed:
What   |Removed  |Added
----------------------------------------------------------------------------
CC     |         |z.figura12@gmail.com
Status |RESOLVED |CLOSED

--- Comment #6 from Zebediah Figura z.figura12@gmail.com ---
(In reply to destroyed nerd from comment #4)
> First, thank you for the guidance, it is helpful.
> 1- If you mean access to the documents folder for programs like Photoshop, Office, then limit access to the documents, Photos folders; access to e.g. the Firefox passwords folder is unnecessary.
There's no meaningful difference between these a priori. That is, Wine has no idea what files you want to be visible and which you don't.
Hence that's the kind of thing you should solve yourself, using existing Unix permissions tools.
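
The behaviour described in comments #3 and #5 can be seen on disk. The script below is an added example, not part of the bug thread or of Wine's code: it lists which host directories a prefix maps to Windows drive letters and flags those that resolve outside the prefix. It assumes the usual prefix layout (a `dosdevices` directory of per-drive symlinks); the function names and the sample prefix are constructed for illustration. It only reports mappings; restricting access is still the job of the external tools named in comment #3.

```shell
#!/bin/sh
# Added example, not Wine project code. Assumes the usual prefix layout, where
# $WINEPREFIX/dosdevices holds one symlink per Windows drive letter.

# audit_prefix PREFIX
# Prints "<drive> <resolved host path> <inside|outside>" for each drive letter.
audit_prefix() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    [ -d "$prefix/dosdevices" ] || return 2
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue          # also skips an unmatched glob
        # Resolve the symlink to a physical directory; skip dangling links.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$prefix"/*) scope=inside ;;
            *)           scope=outside ;;
        esac
        printf '%s %s %s\n' "${link##*/}" "$target" "$scope"
    done
}

# count_outside PREFIX: number of drive letters that resolve outside the prefix.
count_outside() {
    audit_prefix "$1" | awk '$NF == "outside" { n++ } END { print n + 0 }'
}

# Constructed sample prefix (not a real Wine install): c: stays inside the
# prefix, z: points at the host root.
make_sample_prefix() {
    p=$(mktemp -d) && mkdir -p "$p/drive_c" "$p/dosdevices" &&
        ln -s ../drive_c "$p/dosdevices/c:" &&
        ln -s / "$p/dosdevices/z:" && printf '%s\n' "$p"
}

sample=$(make_sample_prefix)
audit_prefix "$sample"
echo "drive letters reaching outside the prefix: $(count_outside "$sample")"
rm -rf "$sample"
```

On a real installation, call `audit_prefix "${WINEPREFIX:-$HOME/.wine}"` instead of using the sample prefix.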