Is it possible to enforce noexec for Wine on ntfs partition ?

Polytropon freebsd at
Tue Apr 25 17:22:35 UTC 2017

On Tue, 25 Apr 2017 16:56:04 +0000, Manish Jain wrote:
> I would ideally like the following behavior enforced by the driver :
> for regular files
> (i.e. non-directory files), Wine cannot execute the binary from the
> NTFS volume. If
> any user wishes to execute the binary under Wine, he must first copy
> the file to
> somewhere outside the NTFS volume (possibly $HOME).

When you execute programs with wine, it just reads ("copies") the
file from the mounted NTFS volume, so that would not make any
difference. You'd basically have to implement a more general way
to control _reading_ access to files. With the basic mount options,
that isn't really possible.

Also note that for certain programs, it's not sufficient to just
copy a binary and run that. Libraries and other resource files
might be involved. However, a "local installation" in ~/.wine/drive_c
would be possible.

> Note that I cannot enable this behavior with '-o noexec' : that only
> disables
> execution of binaries by the kernel itself, not the emulation layer -
> which just
> needs read access.

Correct. "Windows" programs aren't executed in a manner that it
would be triggered by the -noexec mechanism.

> Is it possible for me to achieve that behaviour ?

Not as a simple tweak, as far as I know...

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list