Hacker News new | past | comments | ask | show | jobs | submit login

Bottles are isolated Wine environments, similar to containers or VMs. This allows you to install components (e.g. msxml3) to, and modify the configuration of that environment to make the program work without having it affect other applications.



Isolated wine environments are called wineprefixes in wine terms and do not require any additional software.


I think bottles allow you to run a different version of wine inside each bottle (in addition to offering a noob-friendly GUI interface).


Sure, wine supports prefixes, but:

- No filesystem sandbox.

- No handling of dependencies.

- No first-party UI for managing multiple prefixes.


> - No filesystem sandbox.

Every WINEPREFIX defines its own Windows disk drives, so the filesystem is effectively sandboxed. Conventionally, there's (often? always?) a Z:\ drive which points to / on the Linux filesystem, but there doesn't have to be. You can add or remove drive mappings without any additional tools beyond WINE itself, and applications running under WINE can't see files that don't have drives mapped to them, afaik.

Your other two points are correct, though.


>Every WINEPREFIX defines its own Windows disk drives, so the filesystem is effectively sandboxed.

No, it is definitely not effectively sandboxed. You only need to access / instead of Z:. Wine has no sandbox mechanisms built in. It is also a fairly large codebase which definitely has a bug or two that could be exploited to get around such mechanisms if they existed.

To effectively sandbox, you need the kernel's help. Linux offers namespaces and control groups.

The way you use these comfortably behind a layer of abstraction is through containers. Bottles uses flatpak for the purpose.


> No, it is definitely not effectively sandboxed. You only need to access / instead of Z:. Wine has no sandbox mechanisms built in. It is also a fairly large codebase which definitely has a bug or two that could be exploited to get around such mechanisms if they existed.

If you don't have Z:\ enabled, how do you actually access those Unix-like paths? When I launch a WINE command prompt in a prefix with no Z:\ enabled, I get:

  wine: could not open working directory L"unix\\home\\pxc\\", starting in the Windows directory.
  Microsoft Windows 6.1.7601

  unix\home\pxc>dir
  Syntax error

  unix\home\pxc>cd ..

  unix\home>dir
  Syntax error
and so on. What Windows APIs are Windows programs supposed to use that will let them see parts of the Linux filesystem that are not mapped as Windows drives in WINE?

> To effectively sandbox, you need the kernel's help. Linux offers namespaces and control groups.

> The way you use these comfortably behind a layer of abstraction is through containers. Bottles uses flatpak for the purpose.

This is an improvement for sure, but I've never, ever had some WINE program run amok on my hard disk outside of the drives letters defined for it in the WINE configuration.

Thanks for pointing out the more thoroughgoing sandboxing that Bottles uses beyond just the WINE drive mapping, though.


     export WINEPREFIX=$HOME/tmp

     mkdir $HOME/tmp

     wine foo/bar/bla/install.exe


> mkdir $HOME/tmp

WINE will automatically create the WINEPREFIX directory for you if it doesn't exist, so it's even simpler than that :)

The real value of bottles (or crossties, or PlayOnLinux definitions, or whatever) in in encoding all the tips and tricks required to get some piece of software running under WINE in a form that lends itself to easy distribution and automation.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: