From 028accfd58fc446cd6b9b8bcc4cbbab1bff7911e Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sun, 31 Dec 2017 17:41:55 -0200
Subject: Adds kvmx-restricted-shell

---
 kvmx-shell | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'kvmx-shell')

diff --git a/kvmx-shell b/kvmx-shell
index 5149087..a8a7eb1 100755
--- a/kvmx-shell
+++ b/kvmx-shell
@@ -22,4 +22,14 @@
 DIRNAME="`dirname $0`"
 
 # Dispatch
+#
+# WARNING: this is not a restricted shell. By using the "config" action
+# one can easilly run arbitrary commands. So assume kvmx-shell is just
+# a utility wrapper for kvmx and not a complete isolation sollution.
+#
+# Assume this shell is as safe as giving /bin/bash access to the user.
+#
+# You might use `kvmx-restricted-shell` instead of use it as an example to
+# build a restricted shell by allowing just a small subset of kvmx commands
+# like starting/stopping the guest.
 $DIRNAME/kvmx shell $USER
-- 
cgit v1.2.3