This repository has been archived by the owner on Mar 13, 2022. It is now read-only.

Sandboxing #2

Open
sonnyp opened this issue Aug 7, 2021 · 9 comments

sonnyp commented Aug 7, 2021

I use the Flatpak version of Bottles but still, I think Bottles could benefit from built-in sandboxing for the following reasons:

  1. Get sandboxing support à la Steam or WebKitGTK even for non-Flatpak builds
  2. Let users define per-bottle permissions at runtime, rather than the Bottles team guessing which permissions should be given by default to all bottles. See [Flatpak] Reduce filesystem permissions Bottles#413

It is possible to run bubblewrap in flatpaks.
Steam makes use of this - see flathub/com.valvesoftware.Steam#642 (comment)

I don't think this should be high priority given that it's already possible to sandbox through the flatpak version but I would be interested in hearing your thoughts and if you think it's relevant to Bottles.

mirkobrombin (Member) commented Aug 7, 2021

I think it's a very useful feature. I had already thought about Bottles Sandbox a few months ago but I never really had time to get started on this task. I think it is very important not to limit the functionality to Flatpak and to allow users to turn it off and on as they please.

PS. Great to have the issue open in libbottles, as the feature must be part of this library. Except that this repository is currently on hiatus, as we are switching to C# with .NET Standard for Bottles Trento. libwine (python version) will be kept and updated but libbottles (also python) may not complete.

gasinvein commented Aug 20, 2021

> It is possible to run bubblewrap in flatpaks.
> Steam makes use of this - see flathub/com.valvesoftware.Steam#642 (comment)

This is not quite accurate. You can't run bwrap directly in flatpak sandbox, but you can ask flatpak to run a process in a "sub-sandbox" (optionally, with reduced permissions) for you. This is what WebKitGTK and pressure-vessel (Steam's container runner) do.

See the flatpak portal docs or the flatpak-spawn utility manpage for more details.
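
An added example, not code from this thread or from libbottles: one way per-bottle permissions could be turned into a launcher command line, using a `flatpak-spawn --sandbox` sub-sandbox inside Flatpak and plain `bwrap` otherwise. `BottlePermissions`, `sandbox_argv` and the sample paths are hypothetical; the options are those documented in the flatpak-spawn and bwrap man pages, and the bwrap base layout assumes a merged-/usr distribution.

```python
import os
from dataclasses import dataclass, field

@dataclass
class BottlePermissions:
    """Hypothetical per-bottle settings a user could change at runtime."""
    network: bool = False
    rw_paths: list = field(default_factory=list)
    ro_paths: list = field(default_factory=list)

def inside_flatpak():
    # Flatpak places this metadata file at the root of every app sandbox.
    return os.path.exists("/.flatpak-info")

def _checked(path):
    # Only absolute, already-normalized paths: no "..", no relative names.
    if not os.path.isabs(path) or os.path.normpath(path) != path:
        raise ValueError(f"refusing non-canonical path: {path!r}")
    return path

def sandbox_argv(perms, command, in_flatpak=None):
    """Return the argv that runs `command` with only `perms` granted."""
    if not command or command[0].startswith("-"):
        raise ValueError("command must not be empty or look like an option")
    if in_flatpak is None:
        in_flatpak = inside_flatpak()
    rw = [_checked(p) for p in perms.rw_paths]
    ro = [_checked(p) for p in perms.ro_paths]
    if in_flatpak:
        # bwrap cannot be run directly here; ask Flatpak for a sub-sandbox.
        argv = ["flatpak-spawn", "--sandbox", "--watch-bus"]
        if not perms.network:
            argv.append("--no-network")
        argv += [f"--sandbox-expose-path={p}" for p in rw]
        argv += [f"--sandbox-expose-path-ro={p}" for p in ro]
        return argv + list(command)
    # Non-Flatpak build: call bubblewrap directly.
    # Assumed base layout: read-only /usr on a merged-/usr distribution.
    argv = ["bwrap", "--unshare-all", "--die-with-parent",
            "--ro-bind", "/usr", "/usr", "--symlink", "usr/bin", "/bin",
            "--symlink", "usr/lib", "/lib", "--symlink", "usr/lib64", "/lib64",
            "--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp"]
    if perms.network:
        argv.append("--share-net")
    for p in rw:
        argv += ["--bind", p, p]
    for p in ro:
        argv += ["--ro-bind", p, p]
    return argv + list(command)
```

The returned list can be passed to `subprocess.run` without a shell, so path and command strings are never re-parsed.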
