On Sun, 27 Oct 2002, Peter Andersson wrote: [...]
I agree. Using chroot could offer the functionality I'm looking for.
I also saw this today on kernel-traffic. It looks pretty much like what you are looking for:
* Linux Security Protection System http://www.uwsg.indiana.edu/hypermail/linux/kernel/0210.2/0123.html
From the announcement:
...
Filesystem Access Domain subsystem allows restriction of accessible filesystem parts for both individual users and programs. Now you can restrict user activities to only its home, mailbox etc. Filesystem Access Domains works on device, dir and individual file granularity.
IP Labeling lists enable restriction on allowed network connections on per program basis. From now on, you may configure your policy so that no one except your favorite MTA can connect to remote port 25.
...
So using these features plus some wrapper scripts around Wine, it should be possible to prevent Windows applications from going where they are not allowed.