My need is the following: I would like to allow an application (grim) to be launched only from an interactive shell, but not from another application, especially a script shell...
In principle, is this possible with AppArmor?
Rather than an interactive shell, wouldn't it be better to use a specific "unlock/startup" application that takes care of launching the application passed as a parameter?
What could be the workaround for a malicious application? Can it cascade start an interactive shell, which in turn launches the application I want to protect?
grim - grab images from a Wayland compositor
Thanks,
grim allows to make screenshots under Wayland. I would like to use it from Sway. But how sure can I be that no malicious application can also use it for its own purposes?