It’s not a sandbox, even though it somewhat acts like one.
There’s not a whole lot preventing a Windows exe from containing Linux code and executing it and effectively “breaking out” of the “sandbox”. Wine presents a Windows compatible view of the system but there isn’t anything really locking it down/preventing the executable from calling the Linux functions instead. It mostly just converts between the PE and ELF binary formats and provides the Windows libraries and interfaces.
So, it has a slight sandboxing effect but it’s essentially security through obscurity and Windows programs generally not expecting to have a whole Linux environment available.
A real sandbox enforces restrictions and makes it so you have to exploit the sandbox to break out of it. A good chunk of Wine is just Windows DLLs built with Linux awareness to do the plumbing, there’s no clear solid separation of both worlds.
Lutris is just a launcher, it doesn’t sandbox anything.
Ans I’m pretty sure wine doesn’t sandbox either.
Could we call it a “sandbox” if each game is in it’s own wine prefix?
It’s not a sandbox, even though it somewhat acts like one.
There’s not a whole lot preventing a Windows exe from containing Linux code and executing it and effectively “breaking out” of the “sandbox”. Wine presents a Windows compatible view of the system but there isn’t anything really locking it down/preventing the executable from calling the Linux functions instead. It mostly just converts between the PE and ELF binary formats and provides the Windows libraries and interfaces.
So, it has a slight sandboxing effect but it’s essentially security through obscurity and Windows programs generally not expecting to have a whole Linux environment available.
A real sandbox enforces restrictions and makes it so you have to exploit the sandbox to break out of it. A good chunk of Wine is just Windows DLLs built with Linux awareness to do the plumbing, there’s no clear solid separation of both worlds.