Mike Hearn mike at
Mon Apr 3 11:03:47 CDT 2006

> I might be wrong, but isn't a suid root winewrapper much more dangerous 
> compared to the realtime-lsm solution? All realtime-lsm does is allowing 
> mlock and realtime privileges for a given user or group, while a suid root 
> wineserver would also have access to root-only files and device nodes, no?

The idea would be to have it drop privs after acquiring CAP_SYS_NICE, or 
whatever it's called.

Alternatively have wineserver run as root (like the real kernel!) and do 
access checks on the client.

More information about the wine-devel mailing list