Charles Davis wrote:
- Make Wine use App Sandbox on Mac OS X.
At the very least, I would like to be able to limit Wine's file-system activity to the prefix.
I'm not familiar with Mac OS X' particular security features, but I wonder why limiting FS activity needs changes in wine? With AppArmor or the like on Linux, you'd define a set of rules living outside of the app.
Limiting to the prefix won't work, because /dev/tty and /tmp/X11.socket etc. need be used.
All my apps are installed in a directory outside any .wine prefix. There's a symlink from within C:\Programs. How would you take that into account?
BTW, I once defined a set of iptable rules to prevent networking for Wine (or was it for a whole user?) based on the consideration that the apps I use have nothing to do with networking. Here too, nothing need be changed in Wine.
Regards, Jörg Höhle