Windows applications can still access the Linux functionality when running under Wine, though of course that has to have been purposefully coded in.
However you can run wine itself inside something like firejail to properly sandbox the whole thing - I have Lutris in my Linux gaming machine configured to do just that for all games by default (my firejail config even blocks networking).
There is a launch configuration option under each game (under System Options tabs, if I’m not mistaken) called “command prefix” were you can put the firejail stuff (so if you put just “firejail -someoption” there your game gets launched with, for example “firejail -someoption wine …”) or whatever other sandboxing command you want to use (such as bubblewrap).
In the main Lutris options, there’s a section with the default values for all those launch options for games, so if you put it in the “command prefix” there, all games get launched with that command prefix unless you override it in that game’s launch options (so, for example, if you’re blocking networking for all games but want to run a game for multiplayer over the net, you override the sandboxing wrapper options in that game’s launch options specifically, which won’t affect any other game).
Windows applications can still access the Linux functionality when running under Wine, though of course that has to have been purposefully coded in.
However you can run wine itself inside something like firejail to properly sandbox the whole thing - I have Lutris in my Linux gaming machine configured to do just that for all games by default (my firejail config even blocks networking).
How do you configure that by default?
There is a launch configuration option under each game (under System Options tabs, if I’m not mistaken) called “command prefix” were you can put the firejail stuff (so if you put just “firejail -someoption” there your game gets launched with, for example “firejail -someoption wine …”) or whatever other sandboxing command you want to use (such as bubblewrap).
In the main Lutris options, there’s a section with the default values for all those launch options for games, so if you put it in the “command prefix” there, all games get launched with that command prefix unless you override it in that game’s launch options (so, for example, if you’re blocking networking for all games but want to run a game for multiplayer over the net, you override the sandboxing wrapper options in that game’s launch options specifically, which won’t affect any other game).