Hi. Suppose that a program M (malicious) tries to open a URL in a web browser V (victim). In a typical AppArmor profile for M, V is executed with the `Px` mode, for example:

```
/usr/lib/firefox/firefox Px,
```

Can M give V an environment variable (`WAYLAND_DISPLAY` for Wayland or `DISPLAY` for X11) which tells V to execute user input from a Unix socket which M controls? If yes, then M can do something on websites under the name of a user. In other words, V isn't isolated after all.

I'm worried because this situation is quite common. Many programs are expected to open a URL, and many jobs are controlled via a web browser nowadays.

