> > Yes for the last statement, but extraordinary user's mileage may vary. > > It can choose between (a) running wine as root and (b) running > > LIDS-patched kernel [8] plus this command: > > > > # lidsadm -A -s /path/to/some_wine_binary_piece -o CAP_SYS_RAWIO -j > > GRANT > > Couldn't you also unmap the I/O ports memory and catch segmentation > faults referring to that area, then reroute them through some system > service running as root? It's safer than running wine as root.
All that one needs is a small setuid-root wrapper that grants needed ioperms and then folds back to regular user and execs wine. Cheers, Kuba