You are here

The forum

Is it possible to sandbox / firewall a virtual drive?

New topic

Author	Replies
guises	Friday 29 January 2016 at 16:25
guises	I'd like to run some Windows software which is probably not trustworthy and putting it in a Playonlinux virtual drive seems like a good way to do that. I'd like to sandbox it though, if that can be done without too much difficulty, but at the very least I need to firewall it - is that possible? Can I just block network access for the whole of that virtual drive?
petch	Friday 29 January 2016 at 16:58
petch	How good is Wine at sandboxing Windows apps? (Wine FAQ) ^{My scripts wiki: https://github.com/petchema/playonlinux/wiki} ^{GOGmix: https://www.gog.com/en/mix/playonlinux_install_scripts}
guises	Friday 29 January 2016 at 17:28
guises	Er, right. I'm aware that Wine is not security software, that's not what I'm asking. All right forget the sandboxing part, let me try again: I need to run some software using Wine and I need to prevent that software from connecting to the network. Is there any good way for me to do that using Playonlinux?
petch	Friday 29 January 2016 at 19:11
petch	Not using Wine, and not using PlayOnLinux, virtual drives are not security boundaries so that's none of their business. Maybe using network namespaces, if you're using Linux, but I have no personal experience with that. ^{My scripts wiki: https://github.com/petchema/playonlinux/wiki} ^{GOGmix: https://www.gog.com/en/mix/playonlinux_install_scripts}
guises	Friday 29 January 2016 at 19:18
guises	Okay, thanks. I thought I could just run Wine with the networking component disabled or something, but I guess it's not that easy. I don't have a strong understanding of how Wine functions.
petch	Saturday 30 January 2016 at 10:51
petch	It's an API translator, basically the windows application and Wine together behave like a Linux application, the main "networking component" is the hosting system. I guess what you describe could be done, but it's not the best place to do that, would have costs, so it's not part of Wine features. ^{My scripts wiki: https://github.com/petchema/playonlinux/wiki} ^{GOGmix: https://www.gog.com/en/mix/playonlinux_install_scripts}
guises	Monday 1 February 2016 at 10:52
guises	Hm. I guess I had envisioned it as more of a virtual machine. Even though, yes, it is Not an Emulator. I've had a little luck using firejail, so I'll keep playing with it and maybe work something out. Thanks again.
appoloin	Wednesday 2 March 2016 at 12:14
appoloin	Would this work http://ubuntuforums.org/showthread.php?t=1188099
mviereck	Wednesday 30 November 2016 at 14:55
mviereck	As a sandbox solution, you can use playonlinux in docker. As a tool to run GUI applications like playonlinux in docker, I've scripted a tool x11docker I've published example images containing wine and playonlinux on a dockered LXDE or Xfce desktop: Docker image containing wine and PlayOnLinux on an LXDE desktop Docker image containing wine and PlayOnLinux on an Xfce desktop See README.md for x11docker for usage details. As for short, run playonlinux with command x11docker --hostuser --home x11docker/xfce-wine-playonlinux playonlinux To disable internet access, you can run playonlinux in docker with command x11docker --hostuser --home -- --net=none x11docker/xfce-wine-playonlinux playonlinux
xuancong	Monday 19 February 2018 at 7:53
xuancong	For blocking network access, you can use unshare, e.g.: unshare -n <your-command-line> unshare -n wine <your-program.exe> unshare -n playonlinux --run "<your-program>" If you unshare to run playonlinux: unshare -n playonlinux then, all the launched programs will not be able to access network.

You are here: Index > General discussion > Is it possible to sandbox / firewall a virtual drive?

This site allows content generated by members, and we promptly remove any content that infringes copyright according to our Terms of Service. To report copyright infringement, please send a notice to dmcayonlinux.com