http://danwalsh.livejournal.com/28545.html One of the many ways. Sandboxing is using LSM module controls to limit application access even if the DAC permissions don't agree. http://linuxplumbersconf.org/ocw/proposals/26 SELinux has been working on simplified sandboxing. I use SELinux all the time. Containment done in SELinux or Smack, or the other one that is in the mainline Linux kernel, is all fine. A wise person is aware of their security system and knows how to set it up right, or at least is pushing for tools to be made to make it simple.

Word of warning to Ubuntu users: your default LSM is AppArmor. The issue here is that it has never passed peer review, so it is not 100 percent trustable. There is a new set of patches moving to the mainline Linux kernel that is a far more secure version of AppArmor, but Ubuntu is not shipping it yet.

The disk access issue is that root has permission to write everywhere and do basically whatever it chooses unless contained by an LSM. I.e., Wine does not ship with security profiles, and due to what Wine does, the profile, to be correct, would have to be customized to usage. I know there is no reason to run under root, but you find people still giving directions in the AppDB to run as root. Also, I still have people arguing in here and on IRC when I tell them not to run as root; they counter that it's fine as a one-off. I.e., it's never fine: each time you do it you risk losing the system.

It's very hard to be 100 percent sure a Windows or Wine system is 100 percent clean. You don't have Linux distributions' package management systems to audit against in Windows. So you have to presume they are infected if you wish to keep your system in one piece. I really hope the day comes that Wine is more secure out of the box.
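The two practical points in the post (never start Wine as root, and rely on an LSM rather than DAC to keep a Windows binary inside its prefix) can be turned into a small launcher. This is an added example, not code from the post or from the Wine project: the wrapper name `wine-sandbox`, the prefix location `$HOME/.wine-sandbox`, the profile name and the paths in the AppArmor profile are all assumptions, and the profile is only a starting point that, as the post says, would have to be customised to what you actually run under Wine.

```shell
#!/bin/sh
# Added example (not shipped by Wine): refuse to run Wine as root and emit an
# AppArmor profile that keeps Wine inside a dedicated prefix.
set -u

# Return 0 when the given uid is root. Takes the uid as an argument so the
# check can be exercised without actually being root.
is_root_uid() {
    [ "$1" -eq 0 ]
}

# Return 0 when LSM "$1" appears in the comma-separated list "$2", which is the
# format of /sys/kernel/security/lsm (e.g. "capability,yama,apparmor").
# Wrapping the list in commas prevents substring matches such as "arm".
lsm_listed() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Active LSM list from securityfs; empty when it is not mounted or not Linux.
active_lsms() {
    cat /sys/kernel/security/lsm 2>/dev/null || printf ''
}

# Print an illustrative AppArmor profile confining /usr/bin/wine to the given
# prefix. Paths and abstractions are assumptions about a typical install;
# anything not listed is denied by AppArmor's default, so Wine (and whatever
# Windows binary it runs) cannot write outside the prefix even though DAC
# would allow writes anywhere in $HOME.
wine_profile() {
    prefix=$1
    cat <<EOF
#include <tunables/global>

profile wine-sandbox /usr/bin/wine {
  #include <abstractions/base>
  #include <abstractions/X>
  #include <abstractions/audio>
  #include <abstractions/nameservice>

  # Wine loader and its libraries: read/execute only.
  /usr/bin/wine* rix,
  /usr/lib{,32,64}/wine/** mr,

  # The sandboxed prefix is the only place Wine may write.
  owner $prefix/ rw,
  owner $prefix/** rwk,

  # Spell out a few things that must never be touched (deny wins over allow).
  deny @{HOME}/.ssh/** rwklx,
  deny @{HOME}/.gnupg/** rwklx,
  deny /etc/** w,
}
EOF
}

main() {
    if is_root_uid "$(id -u)"; then
        echo "wine-sandbox: refusing to run Wine as root; use an unprivileged account" >&2
        return 1
    fi
    prefix=${WINEPREFIX:-$HOME/.wine-sandbox}
    if ! lsm_listed apparmor "$(active_lsms)"; then
        echo "wine-sandbox: AppArmor is not active; DAC alone is confining Wine" >&2
    fi
    # With the profile loaded, the kernel switches to it on exec of /usr/bin/wine.
    WINEPREFIX=$prefix exec wine "$@"
}

# Only launch when installed as "wine-sandbox"; sourcing the file just defines
# the functions (e.g. to print the profile: wine_profile "$HOME/.wine-sandbox").
case "${0##*/}" in
    wine-sandbox) main "$@" ;;
esac
```

To use it, write the profile with `wine_profile "$HOME/.wine-sandbox" > /etc/apparmor.d/wine-sandbox`, load it with `apparmor_parser -r`, and install the script as `wine-sandbox`. A root check in a wrapper does nothing against someone who types `sudo wine` directly; the LSM profile is what holds regardless of who launches the binary.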