github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3793] running wine in firejail (--private option) #2393

New issue

Closed

opened 2026-05-05 09:04:15 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 09:04:15 -06:00

Owner

Originally created by @Rosika2 on GitHub (Dec 7, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3793

Environment

Linux distribution and version: Lubuntu 18.04.5 LTS, 64 bit
Firejail version 0.9.64
not a bug, rather a question -

Hello altogether,

I´ve got a question concerning running wine in firejail:

As I sandbox almost everything I´d like to run WIN-programmes using wine within firejail as well.
On https://firejail.wordpress.com/documentation-2/basic-usage/ I found the following information:

A question please; can Wine, winetricks, PlayOnLinux be sandboxed? If yes, how?
[...]
Wine is available in this moment, run “firejail wine” from the command line. 
[...] PlayOnLinux is already available in the development version on GitHub.

For running e.g. notepad++ I run

firejail wine "C:\Program Files\Notepad++\notepad++.exe"
, which works fine.

Yet what I´d like to achieve is running wine in firejail with the private-option in a dedicated work-directory (for enhanced security).
Pretty much the same way I run my browser:
firejail --private=/home/rosika/Dokumente/work firefox
Is this possible with wine as well? And if so, how would I go about it?

My path for notepad++ is:
/home/rosika/.wine/drive_c/Program Files/Notepad++/notepad++.exe
Thanks a lot for your help in advance.
Many greetings.

Rosika

Originally created by @Rosika2 on GitHub (Dec 7, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3793 **Environment** - Linux distribution and version: Lubuntu 18.04.5 LTS, 64 bit - Firejail version 0.9.64 - not a bug, rather a question - Hello altogether, I´ve got a question concerning running wine in firejail: As I sandbox almost everything I´d like to run WIN-programmes using wine within firejail as well. On https://firejail.wordpress.com/documentation-2/basic-usage/ I found the following information: ``` A question please; can Wine, winetricks, PlayOnLinux be sandboxed? If yes, how? [...] Wine is available in this moment, run “firejail wine” from the command line. [...] PlayOnLinux is already available in the development version on GitHub. ``` For running e.g. notepad++ I run `firejail wine "C:\Program Files\Notepad++\notepad++.exe" ` , which works fine. Yet what I´d like to achieve is running wine in firejail with the **private-option** in a **dedicated work-directory** (for enhanced security). Pretty much the same way I run my browser: `firejail --private=/home/rosika/Dokumente/work firefox ` Is this possible with wine as well? And if so, how would I go about it? My path for notepad++ is: `/home/rosika/.wine/drive_c/Program Files/Notepad++/notepad++.exe ` Thanks a lot for your help in advance. Many greetings. Rosika

gitea-mirror

2026-05-05 09:04:15 -06:00

closed this issue
added the
question_old
label

gitea-mirror commented

2026-05-05 09:04:18 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 7, 2020):

I don't use wine, but you can use --private as everywhere, you can't?

$ mkdir WINE
$ mv .wine WINE
$ firejail --private=~/WINE wine "C:\Program Files\Notepad++\notepad++.exe"

$ mkdir notepadqq-home
$ firejail --private=~/notepadqq-home --profile=wine winecfg
$ firejail --private=~/notepadqq-home wine NOTEPADQQ-INSTALLER

@rusty-snake commented on GitHub (Dec 7, 2020): I don't use wine, but you can use `--private` as everywhere, you can't? ``` $ mkdir WINE $ mv .wine WINE $ firejail --private=~/WINE wine "C:\Program Files\Notepad++\notepad++.exe" ``` ``` $ mkdir notepadqq-home $ firejail --private=~/notepadqq-home --profile=wine winecfg $ firejail --private=~/notepadqq-home wine NOTEPADQQ-INSTALLER ```

gitea-mirror commented

2026-05-05 09:04:19 -06:00

Author

Owner

@Rosika2 commented on GitHub (Dec 7, 2020):

@rusty-snake:

Hi and thanks a lot for your answer.

I did the following:

$ mkdir WINE
$ mv .wine WINE
$ firejail --private=~/WINE wine "C:\Program Files\Notepad++\notepad++.exe"

It worked fine. That´s really great.
One thing though I don´t quite understand. So just to learn something new:

Why were steps 1 and 2 necessary? (mkdir WINE and mv .wine WINE)

Many greetings.
Rosika

@Rosika2 commented on GitHub (Dec 7, 2020): @rusty-snake: Hi and thanks a lot for your answer. I did the following: ``` $ mkdir WINE $ mv .wine WINE $ firejail --private=~/WINE wine "C:\Program Files\Notepad++\notepad++.exe" ``` _It worked fine._ That´s really great. One thing though I don´t quite understand. So just to learn something new: Why were steps 1 and 2 necessary? ($ mkdir WINE and $ mv .wine WINE) Many greetings. Rosika

gitea-mirror commented

2026-05-05 09:04:21 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 7, 2020):

The first (mkdir WINE) create the new dir which now acts as your private $HOME. You can use any path you want as long as you use the same in all the commands below.

The second step moves your current wine configuration (which is ~/.wine by default, but can be customized by setting WINE_PREFIX IIRC) into the new private-$HOME. ~/WINE/.wine will the show up as ~/.wine inside the sandbox when started with --private=~/WINE.

@rusty-snake commented on GitHub (Dec 7, 2020): The first (`mkdir WINE`) create the new dir which now acts as your private $HOME. You can use any path you want as long as you use the same in all the commands below. The second step moves your current wine configuration (which is `~/.wine` by default, but can be customized by setting `WINE_PREFIX` IIRC) into the new private-$HOME. `~/WINE/.wine` will the show up as `~/.wine` inside the sandbox when started with `--private=~/WINE`.

gitea-mirror commented

2026-05-05 09:04:21 -06:00

Author

Owner

@Rosika2 commented on GitHub (Dec 7, 2020):

@rusty-snake:
Hi and thanks a lot for the explanation.

I think I understand now.
Without the first two steps a command like

$ firejail --private=/home/rosika wine "C:\Program Files\Notepad++\notepad++.exe"
would have treated my whole home-directory as the private one instead of using a dedicated private directory for wine only.

Thanks a lot again for your help.
Many greetings.
Rosika

@Rosika2 commented on GitHub (Dec 7, 2020): @rusty-snake: Hi and thanks a lot for the explanation. I think I understand now. Without the first two steps a command like `$ firejail --private=/home/rosika wine "C:\Program Files\Notepad++\notepad++.exe" ` would have treated my whole home-directory as the private one instead of using a dedicated private directory for wine only. Thanks a lot again for your help. Many greetings. Rosika

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2393

No description provided.

Rows
Columns