Mike Hearn <mike@plan99.net> writes:
I'm not sure it counts as easy. At least Fedora and SUSE already have an
LSM module loaded, for SELinux and AppArmor respectively. Some solution
based on making wineserver suid root might work but I didn't get anywhere
when I played with that.
You're missing the point. The problem is not "how can we bypass system
protections?", the problem is "how can we achieve what we want without
having to bypass anything?". These things are restricted to root
precisely because they can screw up the system, and that's not a power
we want to give to random Win32 apps. What we need is a mechanism that
is safe enough to be enabled by default on all systems, without
requiring suid root or similar hacks.
Alex, I got one idea: Wine-level timeslicing. While this would be doing
what the standard VM system in all OSes does already, it would allow
for us to priortize processes within Wine, controlled by Wine.