Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Apr 2017 20:02:18 +0200
From:      Polytropon <>
To:        Manish Jain <>
Cc:        "" <>
Subject:   Re: Is it possible to enforce noexec for Wine on ntfs partition ?
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, 25 Apr 2017 17:37:59 +0000, Manish Jain wrote:
> On Tue, Apr 25, 2017 at 10:51 PM, Polytropon <> wrote:
> Note that I cannot enable this behavior with '-o noexec' : that only disables execution of binaries by the kernel itself, not the emulation layer - which just needs read access.
> Correct. "Windows" programs aren't executed in a manner that it would be triggered by the -noexec mechanism.
> Hi Poly/others,
> But it should be possible to make this a configurable option for
> emulators/wine and emulators/i386-wine. For volumes mounted with
> noexec passed to ntfs-3g/fuse, Wine honours that the noexec
> behaviour everywhere under the volume. That makes good sense to me.

Maybe a "wrapper" that calls wine could implement this specific
check? When the "executable" resides in a volume where noexec is
enabled, wine (the program which is actually executed) will refuse
to load the "Windows" program. It could use the following approach:

1. determine full path of argument given to wine
2. grep in `mount -v` for path, then for "noexec"
3. if it's set, print an error message, else call wine

Just an idea.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <>