mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

utils/aa-sandbox.pod: document limitations

Browse Source
This commit is contained in:
Jamie Strandboge 2012-08-28 08:01:15 -05:00
parent f2050ec13a
commit 06cc33166d
1 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
utils/aa-sandbox.pod
View File

@ -169,6 +169,30 @@ Xsession(5) script of the form:
After adding the above, it is recommended you remove the existing ~/.Xauthority After adding the above, it is recommended you remove the existing ~/.Xauthority
file, then restart your session. file, then restart your session.
=head1 LIMITATIONS
While B<aa-sandbox> may be useful in certain situations, there are a number
of limitations:
=over
As mentioned, the quality of the template or the specified profile directly
affects the application's confinement.
DBus system access is all or nothing and DBus session access is unconditionally
allowed.
No environment filtering is performed.
X server usage has not been fully audited (though simple attacks are believed
to be protected against when the system is properly setup).
Using a nested X server for each application is expensive.
Surely more...
=back
=head1 BUGS =head1 BUGS
If you find any bugs, please report them to Launchpad at If you find any bugs, please report them to Launchpad at
@ -176,7 +200,7 @@ L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO =head1 SEE ALSO
apparmor(7) apparmor.d(5) xpra(1) Xvfb(1) Xorg(1) Xephyr(1) aa-easyprof(8) apparmor(7) apparmor.d(5) aa-easyprof(8) Xorg(1) Xecurity(7) xpra(1) Xvfb(1)
Xecurity(7) Xephyr(1)
=cut =cut