Well, Windows doesn't have multiple bottles (prefixes), each one with its own "windows" directory and registry. This is something "wine specific". Managing prefixes is something "wine specific".
Just thought it is a nice feature to protect the rest of the system (your home folder, for example) from some nasty application.
I do it by hand on some of my bottles (I separate bottles for each application type and some of them I isolate from some parts of my filesystem).
Just to be completely clear, by prefix and bottle I mean the same thing: the ~/.wine for example.
Best regards,
> I think an "isolate prefix" option in winecfg (or even winetricks) would be
> very useful.
> Undoing symlinks and editing the registry to take out the reference to the
> root is boring (and I'm not sure only doing this is entirely safe) and this
> kind of option would make it possible to run untrusted software without
> worrying.
> I even ran some malware in isolated wine prefixes and used diff to see what
> it did. Learned a lot from this.
> Anyway, a "nice to have" feature.
>
> Best wishes and thanks for this amazing software,
>
> 2009/1/14 <wine-devel-request@winehq.org>
>>
>> Date: Wed, 14 Jan 2009 15:07:06 -0500
>> From: Nicholas LaRoche <nlaroche@vt.edu>
>> Subject: Re: Wine being targeted for adware
>> To: Stefan Dösinger <stefan@codeweavers.com>
>> Cc: wine-devel@winehq.org
>> Message-ID: <496E45EA.9060603@vt.edu>
>> Content-Type: text/plain; charset=windows-1252; format=flowed
>>
>> Stefan Dösinger wrote:
>> >> As long as the facilities exist for keeping an entire wine bottle
>> >> isolated from other bottles (and ~/) I don't see this being a major
>> >> issue.
>> > They don't.
>> >
>> > Even if you don't have a drive link pointing out of a bottle, a Windows app
>> > running in Wine can still call Linux syscalls (int 0x80). This is
>> > possible/needed because Windows apps run as a regular Linux process that
>> > links in Linux libraries which perform linux syscalls.
>> >
>> > So any Windows malware can break out of the Wine "sandbox"(which isn't a
>> > sandbox really) by simply using linux syscalls.
>> >
>> >
>> >
>>
>> On more recent distros (FC9/10) SELinux is enabled by default. Rolling a
>> policy specifically for an untrusted bottle would severely limit the
>> damage it could do. It could restrict all unnecessary read/write/execute
>> access outside of the ~/.wine folder for wineserver and the program.
>>
>> I see your point though, since none of the aforementioned security
>> precautions are commonplace or specifically targeted to wine.
>>
>
> --
> Eduardo
> "Toda Revolução é IMPOSSÍVEL até que se torne INEVITÁVEL!!!" (Leon Trotsky)
>
Windows doesn't provide this, why would wine?
P.S., please bottom post on wine mailing lists.
--
-Austin
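
An added example, not part of any message in this thread: a shell function that lists the symlinks in a prefix (such as ~/.wine) that resolve outside it, which are the links the quoted message describes undoing by hand. The demo prefix layout and the function names are constructed for illustration, and as the quoted reply about `int 0x80` points out, removing these links does not stop a process from making Linux syscalls directly.

```shell
#!/bin/sh
# Added example: report symlinks inside a Wine prefix that resolve outside it.

# Print "<link> -> <resolved target>" for every escaping symlink under $1.
# Assumes GNU readlink (-f) and link paths without embedded newlines.
list_escaping_links() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    # -type l matches the links themselves; find does not descend through them,
    # so a link to / is reported without walking the whole filesystem.
    find "$prefix" -type l | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || target="(unresolvable)"
        case "$target" in
            "$prefix" | "$prefix"/*) ;;                 # stays inside the prefix
            *) printf '%s -> %s\n' "$link" "$target" ;; # leaves the prefix
        esac
    done
}

# Constructed sample prefix (hypothetical layout for the demo, not a real one):
# c: stays inside, z: points at the root, a user folder points at a home dir.
make_demo_prefix() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/prefix/dosdevices" "$d/prefix/drive_c/users/demo" "$d/home/Documents"
    ln -s ../drive_c "$d/prefix/dosdevices/c:"
    ln -s / "$d/prefix/dosdevices/z:"
    ln -s "$d/home/Documents" "$d/prefix/drive_c/users/demo/My Documents"
    printf '%s\n' "$d"
}

demo=$(make_demo_prefix)
list_escaping_links "$demo/prefix"
rm -rf "$demo"
```

To check a real prefix, call `list_escaping_links ~/.wine`; empty output means every symlink in it resolves inside the prefix.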