As I understand it, because the aa Firefox profile has this:
it can't run XInput. However, if the malware gets out of FF and onto the computer, it's free to do so, because it is unconstrained by Apparmor. The problem for the malware, as I said before, is:Code:/usr/ r, /usr/** r,
1) How it gets onto the computer in the first place
2) How it launches
Because aa stops it from getting to anywhere it can self-start, it would have to be extra crafty or trick the user into running it. And that last option is the most likely, since it only depends on one vulnerability.
Bookmarks