[Bug 46525] New: can brows or open files from host / filesystem even if winecfg configure only drive c:
https://bugs.winehq.org/show_bug.cgi?id=46525
Bug ID: 46525 Summary: can brows or open files from host / filesystem even if winecfg configure only drive c: Product: Wine Version: 4.0 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: gamiljydcome@gmail.com Distribution: ---
winecfg just configure dirve c: without any other drives to run some app, which still can brows and open files from host / filessystem.
that's not a good news,i hope limit some app only access files from configured drives c: d: etc just like a sandbox.
docker+wine can make a sanbox but its not what i want.
https://bugs.winehq.org/show_bug.cgi?id=46525
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dark.shadow4@web.de Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID
--- Comment #1 from Fabian Maurer dark.shadow4@web.de --- Wine does not provide a sandbox: https://wiki.winehq.org/FAQ#How_good_is_Wine_at_sandboxing_Windows_apps.3F
You need to use another way to limit access to files.
https://bugs.winehq.org/show_bug.cgi?id=46525
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|can brows or open files |Wine allows access to / |from host / filesystem even |regardless of configured |if winecfg configure only |~/.wine/dosdevices |drive c: | CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Fabian,
--- quote --- You need to use another way to limit access to files. --- quote ---
well, he mentioned a viable solution in the initial comment: Docker (works also pretty good to limit/control network access of Windows apps).
Every few months someone requests Wine having a filesystem/network "sandboxing" feature which is not possible by design. I think we should should nominate a collector bug to resolve tickets like this as dupe. There are already a dozen. Saves discussion/arguing with people.
Regards
https://bugs.winehq.org/show_bug.cgi?id=46525
--- Comment #3 from gamiljydcome@gmail.com --- yep, docker+wine works very well but its really ugly.
i hope wine can make filessystem sandbox.
Regards.
https://bugs.winehq.org/show_bug.cgi?id=46525
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #4 from Austin English austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org