Is it possible to enforce noexec for Wine on ntfs partition ?
freebsd at edvax.de
Tue Apr 25 17:22:35 UTC 2017
On Tue, 25 Apr 2017 16:56:04 +0000, Manish Jain wrote:
> I would ideally like the following behavior enforced by the driver :
> for regular files
> (i.e. non-directory files), Wine cannot execute the binary from the
> NTFS volume. If
> any user wishes to execute the binary under Wine, he must first copy
> the file to
> somewhere outside the NTFS volume (possibly $HOME).
When you execute programs with wine, it just reads ("copies") the
file from the mounted NTFS volume, so that would not make any
difference. You'd basically have to implement a more general way
to control _reading_ access to files. With the basic mount options,
that isn't really possible.
Also note that for certain programs, it's not sufficient to just
copy a binary and run that. Libraries and other resource files
might be involved. However, a "local installation" in ~/.wine/drive_c
would be possible.
> Note that I cannot enable this behavior with '-o noexec' : that only
> execution of binaries by the kernel itself, not the emulation layer -
> which just
> needs read access.
Correct. "Windows" programs aren't executed in a manner that it
would be triggered by the -noexec mechanism.
> Is it possible for me to achieve that behaviour ?
Not as a simple tweak, as far as I know...
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
More information about the freebsd-questions