this post was submitted on 17 Jan 2026
799 points (98.7% liked)
linuxmemes
Just a tip, if you guys want to containerize games such as Epic Games, GoG, or other Windows apps, there is a program called Bottles which lets you do this. Can be a great added layer of security and containerization: https://usebottles.com/
However, there are Lutris and Heroic as easier-to-use alternatives that do not offer containerized security.
Is Bottles actually containerized in any meaningful way? Last I checked it just managed wineprefixes, and Wine is not a sandbox.
It doesn't use any separate layers of containerization other than flatpak. So if you don't install it via flatpak, it won't be sandboxed.
There is also no proper instance containerization (you can enable it in Bottles's settings, but it's marked as experimental and I've been unable to run a single application with it on), so an app installed on one instance in Bottles will have access to all other instances' files.
I could be wrong but I don't think the wine instances themselves are containerized. Maybe he's confusing it with flatpak sandboxing, since that is the only officially supported way of using it.
I don't know much about it. I tried using it to set it up with Epic Games. There was a lot more manual work than say Heroic or Lutris, but all was able to be done through a UI.
I needed to select my dependencies of C# versions, C++ versions, XInput software, DirectX version, various other stuff. This was done within a single bottle, so I'm guessing they're separate from the others.
To be honest, I managed to get Epic Games running, but had trouble signing it. Not sure what else I was missing.
It also lets you take snapshots of your Bottles state. And provides you with a Task Manager, command line, Registry Editor, Windows compatibility versions (e.g., 10 or 11), toggle OBS screen capture, gamescope, Wayland (experimental), other graphic stuff.
It's got Launchers for many things, like also: Battle.net, Enlisted, EVE, FL Studio, AutoDesk, Guild Wars 2, MEGA sync, Origin, PlayStation Plus, QOBUZ, Star Citizen, Ubisoft Connect, Wargaming.net (World of Tanks, Warplanes, Battleships), the GOG Galaxy official launcher.
They show the ratings for the various launchers from within the app, to show its score for compatibility.
Why the downvotes? This is useful information...
I think because people no longer trust you because you confidently said that something does something, and then when questioned, you said that you don't really know much about it.
It gives your comments a low trustability factor. People will think that anything else you have to say on the matter could be misleading.
That's fair. Looking back, I shouldn't have used the word containerized. Isolated may have been what I should have used instead since I'm not sure if it's "containerized", a "VM", or as @Saprophyte@lemmy.world said "bubblewrap".
Thanks for responding.
Yes, it has different wine instances for each installed application; it uses a flatpak-style separation to prevent them from accessing each other.
It doesn't have any containerization between instances. There is an experimental opt-in setting for it but it's completely broken. It's just sandboxed because of flatpak.
The reason I'm asking is that separate wineprefixes will look like a "different wine instance" to a layman, but they're not the same thing as a sandbox. Wine mounts the host filesystem under the Z: drive, and even beyond that there are probably ways to escape the Wine environment. For true sandboxing some additional layers will be required.
From a security standpoint, yes they can be broken out of, just like a docker or a virtual machine, but they use bubblewrap to isolate environments just like flatpaks. Malicious content aside, they are just as isolated and sandboxed as a docker image or vm.
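The point raised in the thread, that separate wineprefixes are not a sandbox because Wine maps the host filesystem as a drive, can be checked on disk. This is an added example, not code from any commenter or from Bottles; it assumes Wine's `dosdevices/` symlink layout and Flatpak's `/.flatpak-info` marker file, and the function names and the sample prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which host paths a Wine prefix exposes as drive letters.

# Build a constructed prefix with the usual layout: c: inside it, z: -> host root.
make_sample_prefix() {
    p="$(mktemp -d)"
    mkdir -p "$p/drive_c" "$p/dosdevices"
    ln -s ../drive_c "$p/dosdevices/c:"
    ln -s / "$p/dosdevices/z:"
    echo "$p"
}

# Print "letter: resolved-target" for every drive symlink in dosdevices/.
list_drive_mappings() {
    for link in "$1"/dosdevices/?:; do
        [ -L "$link" ] || continue
        printf '%s %s\n' "${link##*/}" "$(readlink -f "$link")"
    done
}

# Classify a resolved target relative to the (resolved) prefix directory.
classify_mapping() {
    case "$2" in
        "$1"|"$1"/*) echo "prefix-local" ;;
        /)           echo "host-root" ;;
        *)           echo "host-path" ;;
    esac
}

# Count drive letters that point outside the prefix (reachable by any app in it).
count_host_exposures() {
    prefix_real="$(readlink -f "$1")"
    list_drive_mappings "$1" | {
        n=0
        while read -r name target; do
            [ "$(classify_mapping "$prefix_real" "$target")" = "prefix-local" ] || n=$((n + 1))
        done
        echo "$n"
    }
}

# True only when this process runs inside a Flatpak sandbox (marker file present).
in_flatpak_sandbox() { [ -f "${1:-/.flatpak-info}" ]; }

demo="$(make_sample_prefix)"
list_drive_mappings "$demo"
echo "mappings leaving the prefix: $(count_host_exposures "$demo")"
in_flatpak_sandbox && echo "inside a Flatpak sandbox" || echo "not inside a Flatpak sandbox"
rm -rf "$demo"
```

A non-zero count means the prefix alone does not confine the application; any confinement then comes from whatever wraps Wine, such as the Flatpak sandbox.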