Alexandre Julliard wrote:
Mike Hearn mike@plan99.net writes:
I'm not sure it counts as easy. At least Fedora and SUSE already have an LSM module loaded, for SELinux and AppArmor respectively. Some solution based on making wineserver suid root might work but I didn't get anywhere when I played with that.
You're missing the point. The problem is not "how can we bypass system protections?", the problem is "how can we achieve what we want without having to bypass anything?". These things are restricted to root precisely because they can screw up the system, and that's not a power we want to give to random Win32 apps. What we need is a mechanism that is safe enough to be enabled by default on all systems, without requiring suid root or similar hacks.
Alex, I got one idea: Wine-level timeslicing. While this would be doing what the standard VM system in all OSes does already, it would allow for us to priortize processes within Wine, controlled by Wine.