Thank you for all your answers!
It's extremely interesting to read.
I quite agree with NotATether, for a lambda user, some solutions seem too complex to implement (but extremely interesting anyway!).
So, for my friend (who is an advanced user but neither a dev nor a specialist) I imagine that the solution mentioned of using a different user for wine would be the best one:
--snip--
Example:
To run
wine as a different user, create a new user "wine". Give user "wine" access to your display:
xhost +SI:localuser:wine; su - wine
Then, as user "wine":
Note that I haven't used this for
wine, but I did for other programs. If I have to use
wine, I run it inside a VM with VPN, because I don't trust the programs I use with it. Or on a spare laptop which is
setup to wipe and overwrite in minutes.
I'll try to motivate him and help him get it right, and I'll come back to this topic if I have into any problems...
In any case, guys, your answers confirm my initial idea: without knowing exactly what you're doing, it's better to play it safe with software (you'll tell me "as always"
)
