Hey everyone, I’m trying to figure out a clean way to isolate some Windows software I need to test for a gaming project, but NixOS’s strict permissions are fighting me every step of the way.
Instead of booting up a full Windows VM, I wanted to use a sandboxed Wine prefix to test an executable I grabbed from this delta apk just to see how it behaves under Linux. The main issue is that the tool requires deep system-level access to inject into other processes, and NixOS’s read-only /nix/store combined with Wine’s FHS environment is causing it to crash immediately on launch.
This brings up a few related issues. First, whenever I try to force the permissions using steam-run or building a custom FHS wrapper, the tool’s internal anti-tamper checks fail because it expects a standard Windows registry structure that the sandbox just doesn’t replicate cleanly. Second, I’m highly concerned about the security implications of giving an injection tool broader write access to my home directory just to bypass these crashes.
Has anyone successfully containerized this kind of aggressive Windows software in NixOS, or am I better off just spinning up a disposable QEMU VM to keep my host system completely insulated?
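One way to keep the write access the post worries about out of the real home directory, as an added example that is not code from the original post: a bubblewrap wrapper that runs the executable under Wine with a throwaway directory bound at `/sandbox-home` (a name chosen here) as both `HOME` and `WINEPREFIX`, every namespace including network unshared, and the host's home never mounted. It assumes `bwrap` and `wine` are on `PATH` (for example via `nix-shell -p bubblewrap wineWowPackages.stable`) and a NixOS layout with `/nix/store` and `/run/current-system`.

```shell
#!/usr/bin/env sh
# Added example: confine a Windows binary under Wine with bubblewrap on NixOS.

# Static part of the sandbox policy, one bwrap argument per line so it can be
# reviewed (and tested) without executing anything.
sandbox_flags() {
    printf '%s\n' \
        --ro-bind /nix/store /nix/store \
        --ro-bind-try /run/current-system /run/current-system \
        --ro-bind-try /bin /bin \
        --ro-bind /etc /etc \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --ro-bind-try /tmp/.X11-unix /tmp/.X11-unix \
        --unshare-all \
        --die-with-parent \
        --new-session
}

# Run Windows executable $2 with scratch directory $1 as the only writable
# host path. Extra arguments go to the program. Delete $1 afterwards to
# discard everything the program and Wine wrote, registry hives included.
run_sandboxed() {
    scratch="$1"; exe="$2"; shift 2
    mkdir -p "$scratch"
    cp "$exe" "$scratch/"   # the original location is not visible inside
    # $(sandbox_flags) is deliberately unquoted: word splitting turns the
    # printed lines into separate arguments, and none of them contain spaces.
    exec bwrap $(sandbox_flags) \
        --bind "$scratch" /sandbox-home \
        --setenv HOME /sandbox-home \
        --setenv WINEPREFIX /sandbox-home/prefix \
        --chdir /sandbox-home \
        -- wine "/sandbox-home/$(basename "$exe")" "$@"
}

# Sanity check run before launching: the static policy must unshare the
# network and must contain no writable host bind (only the scratch bind
# added in run_sandboxed is writable).
policy_is_confined() {
    sandbox_flags | grep -qx -e '--unshare-all' || return 1
    ! sandbox_flags | grep -qx -e '--bind'
}

if [ $# -ge 2 ]; then
    policy_is_confined || { echo "refusing: policy is not confined" >&2; exit 1; }
    run_sandboxed "$@"
fi
```

bwrap shares the host kernel and, here, the X11 socket, so it bounds what the program can write and reach rather than what a kernel bug could do; a disposable VM remains the stronger boundary for software that injects into other processes.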