Lutris is just a launcher, it doesn’t sandbox anything.
Ans I’m pretty sure wine doesn’t sandbox either.
Could we call it a “sandbox” if each game is in it’s own wine prefix?
It’s not a sandbox, even though it somewhat acts like one.
There’s not a whole lot preventing a Windows exe from containing Linux code and executing it and effectively “breaking out” of the “sandbox”. Wine presents a Windows compatible view of the system but there isn’t anything really locking it down/preventing the executable from calling the Linux functions instead. It mostly just converts between the PE and ELF binary formats and provides the Windows libraries and interfaces.
So, it has a slight sandboxing effect but it’s essentially security through obscurity and Windows programs generally not expecting to have a whole Linux environment available.
A real sandbox enforces restrictions and makes it so you have to exploit the sandbox to break out of it. A good chunk of Wine is just Windows DLLs built with Linux awareness to do the plumbing, there’s no clear solid separation of both worlds.
Bottles (https://usebottles.com/) is what you’re looking for, sandboxing is one of it’s primary features. It can use lutris prefixes too if you need them.
EDIT: It’s only sandboxed if you use the flatpak, just FYI.
any tutorials on this
Probably? Honestly I just read the sections of the docs that were relevant to what I needed and clicked buttons until things worked. Tutorials are dangerous because the moment they are published they are out of date, unless the author goes back and updates it regularly which is pretty rare, or impossible if it’s something like a youtube video.
Anyway it’s a GUI application with lots of tool tips and all that, it’s not difficult to use.
You might find your answers in the link below:
https://github.com/lutris/lutris/issues?q=is%3Aissue+is%3Aopen+sandbox