Prevent any random .exe to run or to have it run in a temporary container?

zakazak Monday 22 July 2019 at 20:35

Hello everyone,
I am trying to use PlayOnLinux, which so far works just fine. However, I am having security concerns, even when using firejail on top.
I would like to prevent any random downloaded .exe file from simply being able to run and stay alive in the system for as long as it wants with access to my whole /home/ folder.
Is there a way to either prevent .exe files from even running or at least let them run only in a temporary and closed container/environment that gets reset after a reboot?

In the end I want to be able to run only the .exe files / software that I explicitly installed with POL.
Each software package will have its own container (wineprefix) and should be restricted from messing with my host system or other wine containers.

@edit: I could install all my wineprefixes and then set permissions to not allow the creation of a new wineprefix in .PlayOnLinux?

Edited by zakazak

Dadu042 Monday 22 July 2019 at 21:07

I'm not sure I understand all your questions exactly. Perhaps you will find answers at: http://wiki.playonlinux.com/index.php/Main_Page

zakazak Monday 22 July 2019 at 21:12

I already checked the wiki but couldn't really find an answer.

POL allows system-wide execution of .exe files.

Once the .exe file runs, it has access to my whole /home/ folder and can run in the background for as long as it wants.

I want to limit that by only allowing the .exe files I have already installed & configured in POL.

That way, if I accidentally download/run a malware .exe file, it won't be able to access my /home/ partition or even start.

Naturally any .exe file I run with wine will try to create a new "wineprefix" in .wine. So I changed the permissions of .wine so that only root is allowed to create/modify its contents. Now wine can't run any new .exe file anymore.

I thought I could do the same with POL?

Create all wineprefixes in .PlayOnLinux and then disallow the creation of new wineprefixes in Linux (if that is somehow possible)?