Post History

75%
+4 −0
Q&A How do you troubleshoot bwrap/wine sandboxes for Windows games?

1 answer  ·  posted 1y ago by matthewsnyder‭  ·  last activity 1y ago by r~~‭

Question wine
#1: Initial revision by user avatar matthewsnyder‭ · 2023-06-12T00:16:41Z (over 1 year ago)
How do you troubleshoot bwrap/wine sandboxes for Windows games?
I use Wine to play Windows games. As is well known:

* Wine is not a sandbox
* Windows games are proprietary blobs and can contain malware
* Windows malware can potentially harm Linux through Wine

I don't want malware having free rein on my Linux machine so I sandbox it with bwrap. For the less-informed, bwrap is the low-level tool used for flatpak, which is used by Wine Bottles, a popular Wine tool. In practice I see that attempting to set up sandboxes with Flatpak or Bottles (what it calls "dedicated sandbox") results in very similar behavior to the CLI command `bwrap wine foo.exe`.

I noticed that as I try to restrict a game with `bwrap`, there are often files that it requires access to, and fails without. For example, many games need access to `/sys/devices/system/cpu` and `/dev/nvidia0` (not surprising). The problem is to find *all* such possible paths when the game is failing.

As a general approach I can always:

1. Confirm the game runs with all paths permitted
2. Confirm the game fails with only some paths permitted
3. Keep adding a few paths from 1 to 2 until it works

This sort of works, but of course it's not very practical. Is there some direct way to *see* what files the game is trying to access inside the `bwrap wine`, and failing?
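
The three-step approach in the question, automated as an added example that is not part of the original post: it starts from the full path set that works and drops one path at a time, keeping a path only if the game fails without it. `BASE_ARGS`, `GAME_CMD`, `TRIAL_TIMEOUT`, the function names, and the rule that a trial "works" when the game exits 0 or is still running at the timeout are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). BASE_ARGS, GAME_CMD, TRIAL_TIMEOUT
# and the function names are assumptions made for illustration.
BASE_ARGS=${BASE_ARGS:-"--unshare-all --die-with-parent --proc /proc --dev /dev --tmpfs /tmp"}
GAME_CMD=${GAME_CMD:-"wine foo.exe"}
TRIAL_TIMEOUT=${TRIAL_TIMEOUT:-60}
NL='
'

# Run the game with ONLY the given paths bound into the sandbox.
# A trial counts as working if the game exits 0 or is still running when
# the timeout fires (status 124); redefine this function for another criterion.
run_with() {
  n=$#
  for path in "$@"; do
    case "$path" in
      /dev/*) opt=--dev-bind ;;   # device nodes such as /dev/nvidia0
      *)      opt=--ro-bind ;;    # everything else is bound read-only
    esac
    set -- "$@" "$opt" "$path" "$path"
  done
  shift "$n"                      # drop the bare paths, keep the bind options
  # BASE_ARGS and GAME_CMD are split on whitespace on purpose.
  # shellcheck disable=SC2086
  timeout "$TRIAL_TIMEOUT" bwrap $BASE_ARGS "$@" $GAME_CMD >/dev/null 2>&1 && rc=0 || rc=$?
  [ "$rc" -eq 0 ] || [ "$rc" -eq 124 ]
}

# Call run_with with a newline-separated list, in a subshell so the IFS and
# globbing changes do not leak into the caller.
run_list() {
  ( IFS=$NL; set -f; set -- $1; unset IFS; set +f; run_with "$@" )
}

# Step 1: check that the full set works. Steps 2-3 in reverse: drop one path
# at a time and leave it out only if the game still runs without it.
minimise_paths() {
  keep=$(printf '%s\n' "$@")
  run_list "$keep" || { echo "game fails even with every path bound" >&2; return 1; }
  for candidate in "$@"; do
    trial=$(printf '%s\n' "$keep" | grep -vxF -- "$candidate" || true)
    if run_list "$trial"; then keep=$trial; fi
  done
  [ -z "$keep" ] || printf '%s\n' "$keep"
}
```

Call it as `minimise_paths /usr /etc/fonts /sys/devices/system/cpu /dev/nvidia0 ...`; it needs one sandbox launch per candidate path, and the single pass assumes that removing one path never makes a previously removable path necessary.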