Is it possible to enforce noexec for Wine on ntfs partition ?

Polytropon freebsd at
Tue Apr 25 18:02:24 UTC 2017

On Tue, 25 Apr 2017 17:37:59 +0000, Manish Jain wrote:
> On Tue, Apr 25, 2017 at 10:51 PM, Polytropon <freebsd at> wrote:
> Note that I cannot enable this behavior with '-o noexec' : that only disables execution of binaries by the kernel itself, not the emulation layer - which just needs read access.
> Correct. "Windows" programs aren't executed in a manner that it would be triggered by the -noexec mechanism.
> Hi Poly/others,
> But it should be possible to make this a configurable option for
> emulators/wine and emulators/i386-wine. For volumes mounted with
> noexec passed to ntfs-3g/fuse, Wine honours that the noexec
> behaviour everywhere under the volume. That makes good sense to me.

Maybe a "wrapper" that calls wine could implement this specific
check? When the "executable" resides in a volume where noexec is
enabled, wine (the program which is actually executed) will refuse
to load the "Windows" program. It could use the following approach:

1. determine full path of argument given to wine
2. grep in `mount -v` for path, then for "noexec"
3. if it's set, print an error message, else call wine

Just an idea.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list