Wine + firejail = No loss of privacy/security?

Discussion in 'all things UNIX' started by zakazak, Jun 18, 2017.

  1. zakazak

    Hello everyone,

    with wine being a layer on the Linux system and allowing any Windows executable file to run completely on Linux as it would on Windows, I am thinking that wine itself is a great risk in terms of security & privacy?

    So I thought, what about using firejail with Wine to let all the "windows files" only access certain folders, without internet, ...? Also, whatever I would run would be killed after a reboot?

    Or should I still try to dodge wine?
     
  2. summerheat

    I haven't used wine for a long time - but there is a ready-to-use profile that comes with Firejail. With the included *.inc files a lot of folders/files in home are blacklisted. You might want to add more blacklist rules for your documents or whatever. A neat trick is also to remove the z: drive.
     
  3. mirimir

    Yes, Windows malware running with Wine in Linux could pwn you. However, you need to configure stuff in Wine during installation. But maybe malware installers could handle that.
     
  4. Balthazar

    I would dodge wine completely and use Windows on another hard drive. I hardly use Windows but when I need to I just swap hard drives.
     
  5. zakazak

    Well, I started using firejail and it has a policy for wine. So now e.g. with Microsoft Word I cannot open anything that is not in the allowed folder (/home/user/Windows/).

    So that should be pretty safe?
     
  6. Balthazar

    I guess so but I think @summerheat is the expert regarding firejail. Let's wait for his opinion. ;-)
     
  7. summerheat

    Thanks for the kind words - but I wouldn't say that I'm a Firejail expert, I'm just an interested user ;)

    Well, that's hard to tell as you haven't shown us your modified profile or rather the specific rules you added. If you want to make sure that only /home/user/Windows can be accessed it's probably best to create a whitelisted profile. In the console I would navigate to ~/.wine and execute firejail --private. Then you should be able to execute, e.g., Word with wine word.exe. The find . command should show you which files/folders are accessed. Many of them are probably already contained in /etc/firejail/whitelist-common.inc which should be added to your profile as suggested in step 3 on that site.
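
The whitelist approach from post 7, together with the z: drive tip from post 2, as an added example that is not part of the thread and not Firejail's shipped wine profile. The file name wine-whitelist.profile, the ~/.config/firejail location and the function names are assumptions; ~/Windows and /etc/firejail/whitelist-common.inc come from the posts.

```shell
#!/bin/sh
# Added example: whitelist-only firejail profile for Wine, plus z: drive removal.
# Assumed names: wine-whitelist.profile, prefix ~/.wine, data folder ~/Windows.

# Write the profile into the given firejail config directory.
write_wine_profile() {
    conf_dir=$1
    mkdir -p "$conf_dir" || return 1
    cat > "$conf_dir/wine-whitelist.profile" <<'EOF'
# Only these paths under $HOME stay visible inside the sandbox.
whitelist ${HOME}/.wine
whitelist ${HOME}/Windows
include /etc/firejail/whitelist-common.inc

# No network access and no way to gain privileges.
net none
caps.drop all
nonewprivs
noroot
seccomp
EOF
}

# Return 0 only if a profile is whitelist-based and has networking disabled.
# Useful for checking a hand-modified profile before trusting it.
profile_is_locked_down() {
    grep -q '^whitelist ' "$1" && grep -q '^net none$' "$1"
}

# Remove the z: mapping, a symlink to / in the prefix's dosdevices directory.
# This only hides the Linux filesystem from Windows file dialogs; the firejail
# whitelist above is what actually restricts access.
remove_z_drive() {
    link="${1:-$HOME/.wine}/dosdevices/z:"
    if [ -L "$link" ]; then
        rm -- "$link"
    fi
}

# Usage (needs firejail and wine installed; word.exe is the thread's example):
#   write_wine_profile "$HOME/.config/firejail"
#   remove_z_drive "$HOME/.wine"
#   firejail --profile="$HOME/.config/firejail/wine-whitelist.profile" wine word.exe
```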
     
  8. Amanda

    I was wondering the same thing, but I'm not taking chances with WINE.
     