https://bugs.winehq.org/show_bug.cgi?id=37355
--- Comment #29 from Richard Yao ryao@gentoo.org --- That is the last time I post to the bug tracker from a mobile device. Anyway, here is what I imagine as being possible:
A tiny root daemon that opens a unix domain socket that lets programs request file descriptors from /proc. It will do some checks to see if ptrace would allow access. It could do some additional checks to further restrict things such as:
1. The program requesting it is on a white list of allowed programs by checking the /proc/$PID/exe symlink. 2. The program whose fd it requested is a decedent of it in the process tree.
If all checks pass, it could open the file descriptor and send it back via the UNIX domain socket. In the case of wine, the wineserver should be able to pass those checks. wine could get a file descriptor from it to implement `MmMapLockedPagesSpecifyCache()`.