I’ve recently just came across this forum, I must say it’s very comprehensive and intresting to see various people’s opinions.
I’m here to ask is there a simple configuration file that I can amend that allows me to hide the Activities button (Top Left) , System Settings (Top Right) and to disable the Overview Mode? Or to create a KIOSK mode on initial login?
I understand you’ve suggested an extension, but I’d argue that the provenance of the code should be looked into, especially as it appears you want to prevent others from making changes to your code.
Is this something that can be deployed in an offline/ isolated environment or does it require the internet and can it be configured by a script or config file ?
Yes, why do you think it needs an internet connection? It’s just a window manager for kiosks, based on Mutter.
GNOME Kiosk
Mutter based compositor for kiosks
GNOME Kiosk provides a desktop environment suitable for fixed purpose, or single application deployments like wall displays and point-of-sale systems.
It provides a very minimal wayland display server and compositor and Xorg compositor and window manager. It automatically starts applications fullscreen.
Notably, GNOME Kiosk features no panels, dashes, or docks that could distract from the application using it as a platform.
IMO gnome-kiosk is the most reliable and go-to way for kiosk. Sure you can also use gnome-shell with extension, but I don’t recommend this. Why doesn’t gnome-kiosk work for your use-case?
Now to your question:
When using gnome-shell extensions you should look who are the developers. For example, the developer of this vertical-overview extension is RensAlthuis and some other contributors. You decide are they trustworthy. The case is the same that is with any software, the developer can be good or bad. He can test his code carefully or poorly.
There are also a few official extensions by GNOME Project.
Tip: The best is always install gnome-shell extensions from the repositories of the distro that you use. Usually those packages are named gnome-shell-extension-*.
It’s great that there are trustworthy developers out there, and I’m grateful for their help.
However, for me as a Security Expert, Developer and IT Expert I have to ask these questions, to ensure that I’ve done my due diligence. Why wouldn’t the functionality be included inside of GNOME, why does it have to be an extension?
I’ve always tried to keep my IT systems as native as I possibly can, within reason. And to me by adding external code into the Operating System without knowing what it does under the hood doesn’t fill me with alot of confidence.
For me I’ll always look at using the CIA triad as a reference point, which looks at three main topics; Confidentiality, Integrity and Availability. I’m focusing on Integrity for this post, who’s to say that the extension hasn’t been tampered with, are there certain controls in place to prevent someone from folking a project and then injecting a malicious payload?
It takes one vulnerability to be exploited by a malicious actor and the your in the system.
The fact there is an extension for this use case is great, but why wasn’t this use case included into GNOME?
I always ask “so what?”, when it comes to any topic, as it provides me with the ability to drill into the finer details.
You misunderstood something. Software stacks are these: Mutter, display server GNOME Shell, UI/graphical shell that calls compositor draw all to the display. You can extend GNOME Shell with extensions.
GNOME Kiosk, display server based on Mutter. GNOME Kiosk can make only kiosk and that’s it. It doesn’t support extensions or anything. Just kiosk.
Why wouldn’t the functionality be included inside of GNOME, why does it have to be an extension?
Please define what you mean by GNOME in this context. GNOME is name for a software suite called desktop environment. Components of GNOME are display server, graphical shell and several core applications. All components can also be used alone.
I assume by GNOME you mean GNOME Shell. GNOME Shell doesn’t support kiosk because kiosk software must be light and reliable. It isn’t good to use GNOME Shell, which is full of nuts and bolts, as kiosk. GNOME Kiosk has everything you need for kiosk in one binary. Light, simple, reliable and secure.
Thanks for the reply, sorry for the confusion. Would you chaps know if RedHat Enterprise Linux (GNOME display manager) includes GNOME KIOSK and know of any good configuration examples?
I just linked directly to the source. I can see that every conversation you engage in is going to be an uphill battle, but it would greatly appreciated if you didn’t mislead others.
Mutter is, absolutely and beyond a shadow of a doubt a library used by GNOME Shell and GNOME Kiosk. You can view the API documentation, with the description that states “The Mutter display server, window manager and compositor library”.
Mutter is a library used to build both GNOME Shell and GNOME Kiosk. It is a dependency of those projects, which will not build or operate without the mutter dependency.
Included in the Mutter repository is mutter.c used to build the mutter executable, and I hope it is clear that this itself depends on the mutter library.
Mutter is a library. It is used to build GNOME Shell. It is used to build GNOME Kiosk.