https://bugs.winehq.org/show_bug.cgi?id=8332
--- Comment #29 from oiaohm oiaohm@gmail.com ---
(In reply to Olivier F. R. Dierick from comment #28)
> Hello,
> My opinion is that someone should investigate what the anti-cheat of battlefield 4 is doing and change the staged patchset accordingly so that it's not necessary to use other workarounds.
> Regards.

I kind of agree.
I was the one who introduced using capabilities over running as root. This was after a few users running as root successfully had malware nuke their complete computer.
We have users currently using capabilities in a very dangerous way and some of them are getting hurt by it. There is really no nice system either.
It would be good if we had something like /etc/wine/security, where that security item was a list formatted like:
[wineprefix] [list of enabled capabilities]
Of course anything not on the enabled capabilities for a wine-prefix would be dropped if wine had it. This would allow users to run some programs with extra capabilities and others without instead of the current blanket allow all or allow none usage people are doing.
Of course I would prefer if a method was found so capability options were not required. I am accepting reality here: we are going to have to live with some users increasing capabilities on wine, but we need to make it as safe as possible.
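
One way the per-prefix allow-list proposed in comment #29 could work, as an added example that is neither Wine code nor part of the original comment. The libcap-style capability names, `#` comment lines, space-free prefix paths, and the names `allowed_caps`, `drop_all_except` and `SAMPLE_POLICY` are assumptions made for illustration.

```c
/* Added example: allow-list lookup for the proposed /etc/wine/security format. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Constructed sample policy: one "[wineprefix] [capabilities]" entry per line. */
static const char SAMPLE_POLICY[] = "# constructed sample policy\n"
    "/home/u/.wine-bf4 cap_net_raw cap_sys_ptrace\n/home/u/.wine-office\n";

/* Small name table for the example; a real tool would cover every CAP_* value. */
static const struct { const char *name; int bit; } cap_names[] = {
    { "cap_net_raw", CAP_NET_RAW }, { "cap_net_admin", CAP_NET_ADMIN },
    { "cap_net_bind_service", CAP_NET_BIND_SERVICE }, { "cap_sys_ptrace", CAP_SYS_PTRACE },
};

/* Mask of capabilities the policy enables for `prefix`. A prefix with no line,
   or a name missing from the table, enables nothing (fail closed). */
uint64_t allowed_caps(const char *policy, const char *prefix)
{
    char *buf = strdup(policy), *line, *tok, *s1, *s2;
    uint64_t mask = 0;
    if (!buf) return 0;
    for (line = strtok_r(buf, "\n", &s1); line; line = strtok_r(NULL, "\n", &s1)) {
        tok = strtok_r(line, " \t", &s2);
        if (!tok || tok[0] == '#' || strcmp(tok, prefix) != 0) continue;
        while ((tok = strtok_r(NULL, " \t", &s2)))
            for (size_t i = 0; i < sizeof cap_names / sizeof *cap_names; i++)
                if (!strcmp(tok, cap_names[i].name)) mask |= 1ULL << cap_names[i].bit;
    }
    free(buf);
    return mask;
}

/* Clear every capability outside `mask` from the effective, permitted and
   inheritable sets of this process. Returns 0 on success. */
int drop_all_except(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data)) return -1;
    for (int i = 0; i < 2; i++) {
        uint32_t keep = (uint32_t)(mask >> (32 * i));
        data[i].effective &= keep;
        data[i].permitted &= keep;
        data[i].inheritable &= keep;
    }
    return (int)syscall(SYS_capset, &hdr, data);
}
```

A launcher would call `drop_all_except(allowed_caps(policy_text, prefix_path))` before starting any Windows code, so a prefix missing from the file runs with no extra capabilities.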