Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Apr 2017 19:21:17 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Manish Jain <bourne.identity@hotmail.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Is it possible to enforce noexec for Wine on ntfs partition ?
Message-ID:  <20170425192117.c1b04abc.freebsd@edvax.de>
In-Reply-To: <VI1PR02MB1200E6067CAC56CF36BB0B31F61E0@VI1PR02MB1200.eurprd02.prod.outlook.com>
References:  <VI1PR02MB1200E6067CAC56CF36BB0B31F61E0@VI1PR02MB1200.eurprd02.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 25 Apr 2017 16:56:04 +0000, Manish Jain wrote:
> I would ideally like the following behavior enforced by the driver :
> for regular files
> (i.e. non-directory files), Wine cannot execute the binary from the
> NTFS volume. If
> any user wishes to execute the binary under Wine, he must first copy
> the file to
> somewhere outside the NTFS volume (possibly $HOME).

When you execute programs with wine, it just reads ("copies") the
file from the mounted NTFS volume, so that would not make any
difference. You'd basically have to implement a more general way
to control _reading_ access to files. With the basic mount options,
that isn't really possible.

Also note that for certain programs, it's not sufficient to just
copy a binary and run that. Libraries and other resource files
might be involved. However, a "local installation" in ~/.wine/drive_c
would be possible.



> Note that I cannot enable this behavior with '-o noexec' : that only
> disables
> execution of binaries by the kernel itself, not the emulation layer -
> which just
> needs read access.

Correct. "Windows" programs aren't executed in a manner that it
would be triggered by the -noexec mechanism.



> Is it possible for me to achieve that behaviour ?

Not as a simple tweak, as far as I know...




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170425192117.c1b04abc.freebsd>