Is it possible to enforce noexec for Wine on ntfs partition?

Polytropon freebsd at edvax.de
Tue Apr 25 18:02:24 UTC 2017


On Tue, 25 Apr 2017 17:37:59 +0000, Manish Jain wrote:
> On Tue, Apr 25, 2017 at 10:51 PM, Polytropon <freebsd at edvax.de> wrote:
> Note that I cannot enable this behavior with '-o noexec' : that only disables execution of binaries by the kernel itself, not the emulation layer - which just needs read access.
> Correct. "Windows" programs aren't executed in a manner that it would be triggered by the -noexec mechanism.
> 
> 
> Hi Poly/others,
> 
> But it should be possible to make this a configurable option for
> emulators/wine and emulators/i386-wine. For volumes mounted with
> noexec passed to ntfs-3g/fuse, Wine honours that the noexec
> behaviour everywhere under the volume. That makes good sense to me.

Maybe a "wrapper" that calls wine could implement this specific
check? When the "executable" resides in a volume where noexec is
enabled, wine (the program which is actually executed) will refuse
to load the "Windows" program. It could use the following approach:

1. determine full path of argument given to wine
2. grep in `mount -v` for path, then for "noexec"
3. if it's set, print an error message, else call wine

Just an idea.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


More information about the freebsd-questions mailing list