> Wine slightly sandboxes Windows applications, but it *does not*
> promise security - because it can't promise security. A "Windows"
> binary running under Wine can still execute an INT 0x80 to run a Linux
> system call, and break out of .wine and do anything on the system that
> the user it's running as can do.

This is not exactly 100 percent correct. Linux Security Modules can restrict on an application by application basis. I.e. user by user basis is the lazy our most common users. An application run as wine can do whatever the host OS is configured to allow it to do. SELinux sandboxing does work around wine. There are other containment options as well. Wine is not a security system. Wine does nothing to stop OS-provided security systems from being used to contain it.