3 Apr 2006, 4:03 p.m.
I might be wrong, but isn't a suid root winewrapper much more dangerous compared to the realtime-lsm solution? All realtime-lsm does is allow mlock and realtime privileges for a given user or group, while a suid root wineserver would also have access to root-only files and device nodes, no?
The idea would be to have it drop privs after acquiring CAP_SYS_NICE, or whatever it's called. Alternatively have wineserver run as root (like the real kernel!) and do access checks on the client.
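
The privilege drop suggested in the reply above, sketched as an added example that is not part of the original thread or of Wine's code. The function names are hypothetical, and it assumes a Linux setuid-root binary that uses the raw `capset` syscall rather than libcap:

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a v3 capability set holding exactly one capability. */
static void single_cap_set(int cap, struct __user_cap_data_struct d[2]) {
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
    /* inheritable stays 0, so exec'd children do not receive it */
}

/* Hypothetical helper: become uid/gid permanently, keeping only CAP_SYS_NICE.
 * Returns 0 on success, -1 on failure (the caller should exit on failure). */
static int drop_to_user_keep_nice(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    /* Keep the permitted set across the uid change. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* Shrink permitted to one capability and re-raise it as effective. */
    single_cap_set(CAP_SYS_NICE, d);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0) return -1;
    /* Verify the drop: regaining root must now fail. */
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    if (geteuid() != 0 || getuid() == 0) {
        fprintf(stderr, "not running setuid root for a normal user\n");
        return 0;
    }
    if (drop_to_user_keep_nice(getuid(), getgid()) != 0) {
        perror("privilege drop");
        return 1;
    }
    /* Realtime scheduling is now permitted; root-only files are not. */
    return 0;
}
```

The window between process start and the `capset` call still runs with full root privileges, so the drop belongs before any user-controlled input is parsed.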