On 3/20/06, rauschenimweltnetz@web.de rauschenimweltnetz@web.de wrote:
I think it would be very usefull to disallow an application started with wine to connect to the network/internet by an options flag.
Unless somebody would help me to find out what I have to change... So I would try it by myself. But in consideration of the fact that I need this feature as soon as possible I would better like to just watch and learn... ;)
I don't know how much of wine's source would need to be changed to disallow all network commands, but I know that this kind of thing is possible using iptables (particularly with the owner extension).
If you create a new user id (which will be the one you use to start the application, using su or sudo), something like 'nonet', then run the following:
iptables -I OUTPUT -m owner --uid-owner nonet -j REJECT --reject-with imcp-net-unreachable
or something like that (I haven't tested it), it will block the 'nonet' user and any applications started as it from sending network packets.
HTH, n0dalus.