...> Filesystem Access Domain subsystem allows restriction of accessible > filesystem parts for both individual users and programs. Now you can > restrict user activities to only its home, mailbox etc. Filesystem > Access Domains works on device, dir and individual file granularity. > > IP Labeling lists enable restriction on allowed network connections on > per program basis. From now on, you may configure your policy so that > no one except your favorite MTA can connect to remote port 25... So using these features plus some wrapper scripts around Wine, it should be possible to prevent Windows applications from going where they are not allowed. -- Francois Gouget fgouget@free.fr http://fgouget.free.fr/ I haven't lost my mind, it's backed up on tape around here somewhere...