Creating KIOSK System - Issue with GNOME ( Overview Mode )

Hi All,

I’ve recently just came across this forum, I must say it’s very comprehensive and intresting to see various people’s opinions.

I’m here to ask is there a simple configuration file that I can amend that allows me to hide the Activities button (Top Left) , System Settings (Top Right) and to disable the Overview Mode? Or to create a KIOSK mode on initial login?

I understand you’ve suggested an extension, but I’d argue that the provenance of the code should be looked into, especially as it appears you want to prevent others from making changes to your code.

Kind Regards,
Vincent Walker

There is a project under the GNOME umbrella geared towards the KIOSK use-case, maybe you’ll find it interesting:

Otherwise, an extension would be the way. I don’t know whether Just Perfection has all the options you need.

Is this something that can be deployed in an offline/ isolated environment or does it require the internet and can it be configured by a script or config file ?

Yes, why do you think it needs an internet connection? It’s just a window manager for kiosks, based on Mutter.


Mutter based compositor for kiosks

GNOME Kiosk provides a desktop environment suitable for fixed purpose, or single application deployments like wall displays and point-of-sale systems.

It provides a very minimal wayland display server and compositor and Xorg compositor and window manager. It automatically starts applications fullscreen.

Notably, GNOME Kiosk features no panels, dashes, or docks that could distract from the application using it as a platform.



Although, what type of dynamic or static code testing does the extensions go through? Is there any code practices they follow or any code review?

IMO gnome-kiosk is the most reliable and go-to way for kiosk. Sure you can also use gnome-shell with extension, but I don’t recommend this. Why doesn’t gnome-kiosk work for your use-case?

Now to your question:
When using gnome-shell extensions you should look who are the developers. For example, the developer of this vertical-overview extension is RensAlthuis and some other contributors. You decide are they trustworthy. The case is the same that is with any software, the developer can be good or bad. He can test his code carefully or poorly.
There are also a few official extensions by GNOME Project.

Tip: The best is always install gnome-shell extensions from the repositories of the distro that you use. Usually those packages are named gnome-shell-extension-*.

It’s great that there are trustworthy developers out there, and I’m grateful for their help.

However, for me as a Security Expert, Developer and IT Expert I have to ask these questions, to ensure that I’ve done my due diligence. Why wouldn’t the functionality be included inside of GNOME, why does it have to be an extension?

I’ve always tried to keep my IT systems as native as I possibly can, within reason. And to me by adding external code into the Operating System without knowing what it does under the hood doesn’t fill me with alot of confidence.

For me I’ll always look at using the CIA triad as a reference point, which looks at three main topics; Confidentiality, Integrity and Availability. I’m focusing on Integrity for this post, who’s to say that the extension hasn’t been tampered with, are there certain controls in place to prevent someone from folking a project and then injecting a malicious payload?

It takes one vulnerability to be exploited by a malicious actor and the your in the system.

The fact there is an extension for this use case is great, but why wasn’t this use case included into GNOME?

I always ask “so what?”, when it comes to any topic, as it provides me with the ability to drill into the finer details.

gnome-kiosk is not an extension. It is a compositor that can be used instead of gnome-shell, not on top of it.

(But just like in the case of gnome-shell, the heavy lifting is done by libmutter)

1 Like

You misunderstood something. Software stacks are these:
Mutter, display server
GNOME Shell, UI/graphical shell that calls compositor draw all to the display. You can extend GNOME Shell with extensions.

GNOME Kiosk, display server based on Mutter. GNOME Kiosk can make only kiosk and that’s it. It doesn’t support extensions or anything. Just kiosk.

Why wouldn’t the functionality be included inside of GNOME, why does it have to be an extension?

Please define what you mean by GNOME in this context. GNOME is name for a software suite called desktop environment. Components of GNOME are display server, graphical shell and several core applications. All components can also be used alone.
I assume by GNOME you mean GNOME Shell. GNOME Shell doesn’t support kiosk because kiosk software must be light and reliable. It isn’t good to use GNOME Shell, which is full of nuts and bolts, as kiosk. GNOME Kiosk has everything you need for kiosk in one binary. Light, simple, reliable and secure.

1 Like

That doesn’t make sense. Mutter and GNOME Kiosk both are compositors, so, during using GNOME Kiosk AFAIK Mutter is not used?

Mutter is a library, used to build both GNOME Shell (source) and GNOME Kiosk (source).

No, it isn’t. I’ve been using only Mutter (/usr/bin/mutter) without other GNOME components. It’s own program, binary.

file /usr/bin/mutter
/usr/bin/mutter: ELF 64-bit LSB pie executable, x86-64...

Thanks for the reply, sorry for the confusion. Would you chaps know if RedHat Enterprise Linux (GNOME display manager) includes GNOME KIOSK and know of any good configuration examples?


I just linked directly to the source. I can see that every conversation you engage in is going to be an uphill battle, but it would greatly appreciated if you didn’t mislead others.

Mutter is, absolutely and beyond a shadow of a doubt a library used by GNOME Shell and GNOME Kiosk. You can view the API documentation, with the description that states “The Mutter display server, window manager and compositor library.

The place (support ticket) is indeed wrong, but I think it’s reasonable to suspect your answer.

If Mutter is only a library, what is the /usr/bin/mutter binary? File command says that it is an executable binary not a library:

file /usr/bin/mutter
/usr/bin/mutter: ELF 64-bit LSB pie executable, x86-64...

compare to

file /usr/lib64/ 
/usr/lib64/ ELF 64-bit LSB shared object

and the README says:

Mutter is a Wayland display server and X11 window manager and compositor library.

Okay, one last try.

Mutter is a library used to build both GNOME Shell and GNOME Kiosk. It is a dependency of those projects, which will not build or operate without the mutter dependency.

Included in the Mutter repository is mutter.c used to build the mutter executable, and I hope it is clear that this itself depends on the mutter library.

Mutter is a library. It is used to build GNOME Shell. It is used to build GNOME Kiosk.