[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / edu / hobby / tech / games / anime / music / draw / AKM ] [ meta / roulette ] [ cytube / wiki / git ] [ GET / ref / marx / booru / zine ]

/tech/ - Technology

"Technology reveals the active relation of man to nature" - Karl Marx
Name
Options
Subject
Comment
Flag
File
Embed
Password (For file deletion.)
Join our Matrix Chat <=> IRC: #leftypol on Rizon
[ Return / Go to bottom ]

File: 1700953591654.jpg (7.23 KB, 300x300, 1686861722803.jpg)

 No.22565

Is adding the wine binary to a user with no internet access enough to securely use Windows programs under Linux? It seems using the 
winetricks sandbox
command also removes all links to $HOME.
Is this enough if I want to not worry about running stuff under Wine or should I opt for sandboxing with Firejail, Flatpak+Flatseal, etc?

 No.22573

I installed Bottles not only for the added security of sandboxing via flatpak but also not having wine make a fucking mess of my system's packages.

 No.22574

Why do you want to run Windows programs under GNU/Linux? Is there still some Free Software that's Windows only?

 No.22577

>>22574
most video games are made for windows only still

 No.22592

File: 1701056792889.jpg (8.67 KB, 302x225, 1444260190031.jpg)

>>22573
>check it out
>it wants to install its own separate Gnome
whyyyyyyyy

 No.22593

>>22592
you mean gtk or straight up gnome?

 No.22595

>>22593
straight up gnome plus a bunch of other dependencies. it also asks for way too many permissions just to let me use wine. why are gnome developers like this

 No.22597

I haven't tried Firejail but have this.
https://github.com/netblue30/firejail/blob/master/etc/profile-m-z/wine.profile

There's also bubblewrap which Flatpak and others make use of.
https://wiki.archlinux.org/title/Bubblewrap

>>22592
Flatpak would be really cool if it was a sandbox/permission system integrated into the system package manager. In its current implementation, it's fucking retarded, I don't need ten versions of Gnome and Mesa and Qt installed on my system.

 No.22598

Even in a sandbox (e.g. firejail or bubblejail), a Wine Game would need to have access to at least GPU, Input, Audio, Storage and their Kernel Drivers. IMO, that is a substantial attack surface. OTOH, most attacks exploit a Windows flaw that won't usually exist in Wine.

 No.22604

>>22592
just repackage it or build/compile without gnome dependencies?

 No.22605

>>22597
>Flatpak would be really cool if it was a sandbox/permission system integrated into the system package manager.
And if Flatpak packages actually had good sandbox (some of them don't have any sandboxing at all). There is a site that has collected criticism on Flatpak; https://flatkill.org

 No.22626

File: 1701163942400.png (125.99 KB, 866x724, ClipboardImage.png)

>>22592
>>it wants to install its own separate Gnome
yeah, flatpaks are literally hell
just use this instead: https://github.com/Kron4ek/Conty
it's made by one of the mods on rutracker who packages a bunch of wine and native games for linux
it bundles EVERYTHING (wine, amd/nvidia drivers, steam, lutris, emulators, obs, legendary, etc) you need to play vidya gaems into a single appimage that requires no root access/install and need no extra dependencies
just create another user, download this appimage and run your games inside that environment

 No.22627

>>22626 (me)
>single appimage
meant package since it's actually a shell script + squashfs inside a .sh file

 No.22641

>>22626
Thanks, this looks very good. You can also run wine under a separate user with no privileges but this alternative also won't ruin my packages, it seems.

 No.22822

File: 1703170786151.jpeg (55.12 KB, 2048x1152, 61d9ddbd-5c40-41cf-8973-8….jpeg)

BARE METAL IS ANATHEMA, ANY BARE-METAL PROCESSES MUST BE EXECUTED ON SIGHT


Unique IPs: 5
[Return][Go to top] [Catalog] | [Home][Post a Reply]
Delete Post [ ]
[ home / rules / faq ] [ overboard / sfw / alt ] [ leftypol / siberia / edu / hobby / tech / games / anime / music / draw / AKM ] [ meta / roulette ] [ cytube / wiki / git ] [ GET / ref / marx / booru / zine ]
[ Return / Go to top /