http://bugs.winehq.org/show_bug.cgi?id=59215 Bug ID: 59215 Summary: Wine fails to start with SELinux enabled on Rocky Linux 8.10+ Product: Wine Version: 10.0 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@list.winehq.org Reporter: rikul@inbox.ru Distribution: --- Wine does not start when SELinux is enabled on Rocky Linux 8.10. Even wineboot fails to run. The issue was reproduced with Wine 9.0, Wine 10.0, and the current master branch. --- Steps to Reproduce --- 1. Enable SELinux (enforcing mode). 2. Run wine or wineboot. --- Actual Result --- Wine fails to start. With WINEDEBUG enabled, the following errors are printed: 14111.628:0020:0024:err:virtual:map_image_into_view failed to set 60000020 protection on L"\\??\\C:\\windows\\system32\\ntdll.dll" section .text, noexec filesystem 14111.613:0028:002c:err:virtual:virtual_setup_exception stack overflow 1344 bytes addr 0x6fffffc2faac stack 0x7ffffe100ac0 (0x7ffffe100000-0x7ffffe101000-0x7ffffe300000) SELinux also reports the following denial: SELinux is preventing /home/*user_path*/wine/bin/wine64-preloader from execmod access on the file /home/*user_path*/wine/lib/wine/x86_64-windows/ntdll.dll. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow selinuxuser to execmod Then you must tell SELinux about this by enabling the 'selinuxuser_execmod' boolean. Do setsebool -P selinuxuser_execmod 1 ***** Plugin catchall (11.6 confidence) suggests ************************** --- Notes --- Disabling SELinux or switching it to permissive mode allows Wine to start normally. I understand the SELinux-suggested workaround above, however I would like to understand why Wine requires such permissions (execmod on DLL files), as enabling them may introduce potential security risks. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.