I want to install closed source software such as MS Office. However, since I don’t trust the app fully, is there any way to sandbox it or manage its permissions like one can with Android apps? For instance, how do I ensure that the application can only access certain areas of the file system and nothing else?
How are you planning on installing these programs?
With flatpak, you have a bit of sandboxing for files. However, you have to tinker with the permissions.
Bottles is what you are looking for, and it commonly installed with flatpak, which is able to sandbox it. With
Flatseal you have GUI for the permissions so that you can ensure that it has no access to specific areas.
Anyway, the practical sandbox method in wine is just don’t link the user files in wine to the real home files, but I guess this light sandbox is not what you want.