crazy ideas of linux n00b :D

Discussion in 'all things UNIX' started by Konata Izumi, Jun 5, 2013.

Thread Status:
Not open for further replies.
  1. Konata Izumi, Registered Member

    Nov 23, 2008
    Can I run Sandboxie on Wine and use Sandboxie to run my Windows app? o_O

    I will update this post when something comes to mind. :D
  2. Gullible Jones, Registered Member

    May 16, 2013
    No; Sandboxie uses a driver, and Wine can only support userspace stuff.

    If you want to sandbox programs running under Wine, a chroot jail might do the trick. It only restricts filesystem access though, not inter-process communication.

    Personally I would not recommend using Wine apps for anything important, since Wine is really not that reliable (and lacks many Windows API features). Better to use Linux "native" apps and a native sandboxing mechanism. For that there is:

    - AppArmor (policy sandbox, restricts where programs can read/write on the filesystem; present but unused in many distros)
    - Tomoyo (a bit more powerful, a bit harder to use, also present in many distros' kernels)
    - SELinux (with 'sandbox -x'; the only one that can provide some protection from keyloggers at the moment, but not very convenient)
    - GrSecurity (requires a custom kernel, also provides lots of memory protection features)

    You could also try LXC (or the friendly version, Arkose Sandbox). Or OpenVZ or Linux-VServer patchsets, which are better tested. These are OS level virtualization, rather than policy sandboxing. Note though that, as with chroot sandboxes, you should probably avoid letting virtualized programs have root privileges.

    It may also be possible to use a user-mode Linux kernel as a sandbox. Not sure how convenient or useful that would be; I tried it once but didn't have the time or the patience to get it working.

    Anyway, suffice it to say there are rather a lot of options. None are as comprehensive (for desktops) as Sandboxie, but if you want to learn more about Linux they are probably worth exploring.
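
Added example, not part of the thread: the reply above notes that AppArmor and Tomoyo are often present in a distro's kernel but unused, so this script tells a built-in LSM apart from an active one. The paths `/boot/config-$(uname -r)` and `/sys/kernel/security/lsm` are assumptions about the host (the latter needs securityfs mounted), and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify the LSMs named in the thread as active,
# built into the kernel but inactive, or not built at all.

# lsm_status NAME CONFIG_TEXT ACTIVE_LIST
#   CONFIG_TEXT : contents of a kernel config file
#   ACTIVE_LIST : comma-separated list as found in /sys/kernel/security/lsm
lsm_status() {
    name=$1; config=$2; active=$3
    case $name in
        apparmor) opt=CONFIG_SECURITY_APPARMOR ;;
        tomoyo)   opt=CONFIG_SECURITY_TOMOYO ;;
        selinux)  opt=CONFIG_SECURITY_SELINUX ;;
        *) echo "unknown"; return 2 ;;
    esac
    # Wrap both sides in commas so "selinux" never matches a longer name.
    case ",$active," in
        *",$name,"*) echo "active"; return 0 ;;
    esac
    # Not active: was it at least compiled in?
    if printf '%s\n' "$config" | grep -q "^${opt}=y\$"; then
        echo "built-in but inactive"
    else
        echo "not built"
    fi
}

report() {
    for lsm in apparmor tomoyo selinux; do
        printf '%-9s %s\n' "$lsm" "$(lsm_status "$lsm" "$1" "$2")"
    done
}

# Constructed sample inputs (not taken from any real machine).
SAMPLE_CONFIG='CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_TOMOYO=y
# CONFIG_SECURITY_APPARMOR is not set'
SAMPLE_ACTIVE='capability,yama,selinux'

# Use the real files when both are readable (assumed paths), else the samples.
cfg=/boot/config-$(uname -r)
if [ -r "$cfg" ] && [ -r /sys/kernel/security/lsm ]; then
    report "$(cat "$cfg")" "$(cat /sys/kernel/security/lsm)"
else
    report "$SAMPLE_CONFIG" "$SAMPLE_ACTIVE"
fi
```

An LSM reported as active may still have no policy or profile loaded for the program you care about; the script only shows whether the kernel side is switched on.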