0

After installing Wine I found that there is a Z: drive that has direct access to the root folder. I have seen many threads and news items about viruses affecting a Linux system through Wine. How do I make it more secure?

Artem S. Tashkinov
Sohan Arafat

2 Answers

3

Run wine via firejail.

Some examples and discussion: https://github.com/netblue30/firejail/issues/2219

Artem S. Tashkinov
  • Is this the most secure option [or are there better ones](https://unix.stackexchange.com/questions/714165/is-it-possible-to-sandbox-wine-in-a-way-that-mitigates-all-security-risks-from-r) without a large performance drop? If you use it only for games, does it help to create [a new user](https://wiki.archlinux.org/title/Wine#Running_Wine_under_a_separate_user_account)? How can one [use firejailed Wine in Lutris](https://github.com/lutris/lutris/issues/4556) (for games)? – mYnDstrEAm Oct 13 '22 at 08:52
  • Firejail shouldn't incur a visible performance drop unless you've got an ancient CPU. Using a separate user is a good option but it's quite an inconvenient one. – Artem S. Tashkinov Oct 14 '22 at 14:17
  • Deleting `z:` from Wine does literally nothing. Windows applications can run Linux binaries directly even when `z:` does not exist. It used to work in the past (over three years ago) but then Wine developers dropped this feature as security theater. – Artem S. Tashkinov Oct 14 '22 at 14:18
  • Do you have a link concerning deleting `Z:`? It's probably irrelevant whether one does that if it's sandboxed with firejail to only access allowed dirs anyway. Performance drop was only referring to other options _besides_ firejail. Is it maybe possible to run an app as the new restricted user from the root user to make it more convenient? – mYnDstrEAm Oct 14 '22 at 14:29
  • `z:` -> https://bugs.winehq.org/show_bug.cgi?id=25537 The feature was dropped 12 years ago. – Artem S. Tashkinov Oct 14 '22 at 14:32
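
One way to run Wine under firejail as the answer above suggests, with the sandbox limited to a dedicated directory as discussed in the comments. This is an added example, not code from the answer or from the firejail project; `SANDBOX_HOME`, `DRY_RUN`, `jail_path` and `run_in_jail` are names chosen here, and the set of firejail flags is an assumed baseline rather than a recommendation from the thread.

```shell
#!/bin/sh
# Added example: run a Windows program with Wine inside a firejail sandbox.
# SANDBOX_HOME, DRY_RUN, jail_path and run_in_jail are names chosen for this sketch.
SANDBOX_HOME="${SANDBOX_HOME:-$HOME/wine-jail}"

# Map a host path to the path seen inside the sandbox. --private=DIR mounts
# DIR over $HOME, so DIR/games/x.exe appears as $HOME/games/x.exe.
# Returns non-zero when the file's directory resolves outside SANDBOX_HOME.
jail_path() {
    _dir=$(CDPATH= cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
    _root=$(CDPATH= cd -- "$SANDBOX_HOME" 2>/dev/null && pwd -P) || return 1
    case "$_dir/" in
        "$_root"/*)
            _rel=${_dir#"$_root"}
            printf '%s\n' "$HOME$_rel/$(basename -- "$1")" ;;
        *) return 1 ;;
    esac
}

# Start Wine under firejail. Wine's Z: drive still maps to /, but the home
# directory under it is SANDBOX_HOME, not the real one; the Wine prefix
# (~/.wine) is created inside SANDBOX_HOME as well.
# DRY_RUN=1 prints the command instead of executing it.
run_in_jail() {
    _exe=$(jail_path "$1") || {
        echo "refusing: $1 is not inside $SANDBOX_HOME" >&2
        return 1
    }
    shift
    ${DRY_RUN:+echo} firejail \
        --private="$SANDBOX_HOME" \
        --net=none \
        --caps.drop=all \
        --nonewprivs \
        --noroot \
        wine "$_exe" "$@"
}

if [ "$#" -gt 0 ]; then
    run_in_jail "$@"
fi
```

Drop `--net=none` for programs that need network access; files the program should see have to be copied into `SANDBOX_HOME` first.
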
1

sandwine could be an alternative to firejail for Wine. Its readme has details on the underlying threat model and what is exposed to the application by default.

Sebastian