<div dir="ltr">Hello everybody,<div>Because this topic is still very important for me i continued to work on - and with the KDE Kiosk framework.</div><div><br></div><div>I wanted to inform you about my latest project:</div><div><br></div><div><a href="https://github.com/valueerrorx/life-kiosk">https://github.com/valueerrorx/life-kiosk</a><br></div><div><br></div><div>The github page has all the information so i'll try keeping it short:</div><div><br></div><div>I started to work on an userinterface for the kiosk configuration. As you can see in the .gif on the github page the userinterface is almost ready. the kiosk keys are still untested (i took the liberty of copying the .kiosk files from the old kiosk application that existed 13 years ago) so there is still a lot of work to do.. those .kiosk files (and therefore a major part of the UI) are a little bit "disordered"</div><div><br></div><div>it's written in python and qt (spagetthi code for now) and the ui autogenerates itself for the most part by parsing the .kiosk files...</div><div>so this low barrier entry hopefully means that this project will easily find someone to keep it running if - for some reason - i stop working on it</div><div>i just started working on it a few days ago and i do not have unlimited time... unfortunately... but i will definitely continue refining it </div><div><br></div><div>i am still searching for a good way to make plasma (widgets) and kwin re-read the configuration files other than </div><div>kquitapp5 ksmserver</div><div><br></div><div>so if you have good ideas and want to help - very much appreciated :-)</div><div><br></div><div>i searched for options in qdbus but without success...</div><div><br></div><div><span style="font-family:monospace">qdbus org.kde.KWin /KWin org.kde.KWin.reloadConfig
<br>Error: org.freedesktop.DBus.Error.UnknownMethod (even if its listed - this happens very often unfortunately)<br>
<br></span></div><div>hopefully A LOT of the kiosk keys are going to be tested in the near future and i can make an extensive list of what works and what not and i hope i can still count on your help... thx a million !</div><div><br></div><div>greetings from austria,</div><div>thomas</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 28, 2017 at 1:44 PM Thomas Weissel <<a href="mailto:valueerror@gmail.com">valueerror@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">after further testing it seems that SHORTCUTS (in general) are a problem now.. with meta+Q it is now possible to see the "activities configuration" again.. it seems those kde global shortcuts don't listen to what is written in /etc/kde5rc anymore :-(<div><br></div><div>thx in advance</div></div><div dir="ltr"><div>thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 28, 2017 at 1:30 PM, Thomas Weissel <span dir="ltr"><<a href="mailto:valueerror@gmail.com" target="_blank">valueerror@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello everybody.<div><br></div><div>Short update: I'm presenting the "life-exam" (secure exam environment) in lower austria on monday and i worked hard on fixing bugs an implementing features the last 2 weeks. </div><div><br></div><div>KDE KIOSK system is making a lot of this possible :-)</div><div><br></div><div><br></div><div><br></div><div>There is ONE important thing that came up during the last test with 10 students where i could need your help.</div><div><br></div><div><br></div><div>In kde 5.10 this suddenly stopped working and frankly - it's a VERY bad idea to allow students access to the run command interface during an exam.. :-)</div><div><br></div><div>______________________________</div><div>action/run_command=false<br></div><div>run_command=false<br></div><div>______________________________</div><div><br></div><div>one student accidentially hit ALT+SPACE and started the run command interface during the test exam.. </div><div>those two lines should restrict that..</div><div><br></div><div>could you please have a look at that ?</div><div><br></div><div>thanks to all of you.. and if you think this is better placed into a bug report. please tell me</div><div>cheers thomas</div><div><br></div><div><br></div><div>PS: Still showing context menus (or parts of it) are:</div><span><div><br></div><div>- device manager<br>- date and time</div><div>- networksettings</div><div><br></div></span><div>this should be restricted by:</div><div>______________________________________</div><div>plasma/allow_configure_when_locked=false<br></div><div>action/plasma/containment_actions=false<br></div><div>_______________________________________</div><div><br></div><div><br></div></div><div class="m_8747275703065756949HOEnZb"><div class="m_8747275703065756949h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 6, 2016 at 9:35 PM, Thomas Weissel <span dir="ltr"><<a href="mailto:valueerror@gmail.com" target="_blank">valueerror@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div dir="ltr">
<div bgcolor="#FFFFFF">
<p>Hello mighty plasma developers!</p>
<p>I just wanted to give you a short update on the status of the
kiosk framework in kde/plasma 5.8.4 and i'm hoping for a
little feedback of yours ;-)<br>
</p>
<p><br>
</p>
<p>With all of the following restrictions in place my users are
still able to see at least one context menu entry on every
widget in the main panel. <br>
</p>
<p><br>
</p>
<p>Still showing context menus (or parts of it) are:<br>
</p>
<p>- Menu for "Edit Applications" in the launcher called
"Anwendungsübersicht" and "Anwendungsmenü" (its working in
"Anwendungs-Starter")<br>
</p>
<p>- device manager</p>
<p>- date and time</p>
<p>- networksettings</p>
<p>- konsole (launcher icon )<br>
</p>
<p><br>
</p>
<p>these are the current restrictions:</p>
<p>------------------------------------------------------<br>
</p>
<p>[KDE Action Restrictions][$i]<br>
<br>
action/switch_user=false<br>
action/lock_screen=false<br>
action/logout=false<br>
action/kwin_rmb=false</p>
<p>action/plasma/containment_actions=false</p>
<p>action/run_command=false<br>
action/options_show_toolbar=false<br>
plasma/plasmashell/unlockedDesktop=false<br>
plasma/allow_configure_when_locked=false<br>
plasma-desktop/add_activities=false<br>
unlockedDesktop=false<br>
logout=false<br>
movable_toolbars=false<br>
run_command=false <br>
start_new_session=false</p>
<p>shell_access=false<br>
------------------------------------------------------<br>
</p>
<p><br>
</p>
<p>I also found out that restricting the user from entering any
other folder than $home (kde url restricitons) is working
very well for typical kde applications. </p>
<p>libreoffice (even when using the kde file open dialogs -
libreoffice kde integration ) still allows to enter any folder
you like..</p>
<p><br>
</p>
<p>i also kinda hacked my own secure environment where shell
access is not allowed by placing a .desktop file
in .local/share/kservices5/ServiceMenus/ that allows me to
open a terminal in the current folder ^^</p>
<p>dolphin shouldn't allow this.. right?<br>
</p>
<p>_______________________</p>
<p>[Desktop Entry]</p>
<p>Type=Service</p>
<p>Icon=konsole</p>
<p>Actions=openterminal</p>
<p>X-KDE-Priority=TopLevel</p>
<p>ServiceTypes=KonqPopupMenu/Plugin,inode/directory,inode/directory-locked</p>
<p><br>
</p>
<p>[Desktop Action openterminal]</p>
<p>Exec=/usr/bin/konsole --workdir %U</p>
<p>Icon=konsole</p>
<p>Name=Open Terminal Here</p>
<p>______________________________</p>
<p><br>
</p>
<p><br>
</p>
<p>i even placed an xorg.conf file to supress opening ttys
(works as expected) but this little desktop file above did the
job :-) </p>
<p>__________________________ </p>
<p>Section "ServerFlags"</p>
<p> Option "DontVTSwitch" "true"</p>
<p>EndSection</p>
<p>__________________________</p>
<p><br>
</p>
<p><br>
</p>
<p>Should i make a bug report out of this ?</p>
<p>Getting "dolphins" places panel locked too when other
toolbars are locked - is this a featurerequest or a bugreport?</p>
<p>it is really hard to lockdown a system completely.. if i'm
done with it i'm definitely going to write an extensive howto
and a little program :-)</p>
<p>thank you very much in advance.</p>
<p>thomas w.</p>
<p><br>
</p>
<p>PS: i am working on a plasma based "secure exam environment"
(for austrian schools) which i'm going to present at the "day
of digital education" at klagenfurt's university in 2 months.</p>
<p>nothing special...just a few shellscripts with a small UI
(most of it is kdialog for now ) and a lot of preconfigured
files - but it heavily relies on the kiosk framework and a the
live usb installation i'm already using in my school.. <br>
</p>
<p>i'm just working out the kinks.. it's almost ready to go.. <br>
</p>
<p>wouldn't be possible without you.. so thx again!</p><span>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<br>
<div class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-cite-prefix">On
25.05.2016 16:16, Mag. Weissel Thomas wrote:<br>
</div>
</span><div><div class="m_8747275703065756949m_462623188872904060h5"><blockquote type="cite">hello everybody.. <br>
<br>
first of all... wow! this list of fixes is awesome.. thank
you! <br>
<br>
i have a question about this "hide toolbars" restriction.. <br>
<br>
<br>
as you can see in the following screenshot (testing with
dolphin 16.04.0) <br>
<br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-freetext" href="http://test.xapient.net/STUFF/dolphin.jpg" target="_blank">http://test.xapient.net/STUFF/dolphin.jpg</a>
<br>
<br>
i tried to restrict unocking the toolbar (look at the
terminal) <br>
also visible in the screenshot is, that "lock toolbar
positions" is not checked but the handle for moving <br>
the toolbars is hidden.. so it works! although the menu
entry to unlock is still there... <br>
<br>
you can also see that "show toolbar" (rightclick on the
toolbar) and "Main Toolbar" (rightclick on the menubar) is
still visible so hiding the toolbar is possible... <br>
i'm a little bit confused because i read what kai wrote and it
seems that on his installation only the entry in the menubar
context menu is/was visible.. <br>
are we talking about the same thing here? just checking! <br>
<br>
<br>
i tested: <br>
action/manage activities=false <br>
<br>
and it properly hides all entries to configure activities..
"Meta+Q" doesnt open the activities configuration panel
either... yay!! <br>
but "Meta+Tab" shows the activity switcher... holding down
"Meta" and using the mouse on the activity switcher lets me
open the configure dialog.. no configurations are stored so
this is not a big problem.. <br>
<br>
best regards, <br>
thomas <br>
<br>
<br>
<br>
<br>
Am 2016-05-25 um 14:00 schrieb <a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-abbreviated" href="mailto:enterprise-request@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:enterprise-request@kde.org" target="_blank">enterprise-request@kde.org</a>:
<br>
<blockquote type="cite">Send Enterprise mailing list
submissions to <br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-abbreviated" href="mailto:enterprise@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:enterprise@kde.org" target="_blank">enterprise@kde.org</a>
<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit <br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-freetext" href="https://mail.kde.org/mailman/listinfo/enterprise" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-freetext" href="https://mail.kde.org/" target="_blank">https://mail.kde.org/</a>mailman/listinfo/enterprise
<br>
or, via email, send a message with subject or body 'help' to
<br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-abbreviated" href="mailto:enterprise-request@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:enterprise-request@kde.org" target="_blank">enterprise-request@kde.org</a>
<br>
<br>
You can reach the person managing the list at <br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-abbreviated" href="mailto:enterprise-owner@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:enterprise-owner@kde.org" target="_blank">enterprise-owner@kde.org</a>
<br>
<br>
When replying, please edit your Subject line so it is more
specific <br>
than "Re: Contents of Enterprise digest..." <br>
<br>
<br>
Today's Topics: <br>
<br>
1. Re: status of kde/plasma kiosk framework in kf5 (Kai
Uwe Broulik) <br>
<br>
<br>
----------------------------------------------------------------------
<br>
<br>
Message: 1 <br>
Date: Wed, 25 May 2016 11:22:32 +0200 <br>
From: Kai Uwe Broulik<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-rfc2396E" href="mailto:kde@privat.broulik.de" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-rfc2396E" href="mailto:kde@privat.broulik.de" target="_blank"><kde@privat.broulik.de></a>
<br>
To: Plasma<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-rfc2396E" href="mailto:plasma-devel@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-rfc2396E" href="mailto:plasma-devel@kde.org" target="_blank"><plasma-devel@kde.org></a>,<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-rfc2396E" href="mailto:enterprise@kde.org" target="_blank">"</a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:enterprise@kde.org" target="_blank">enterprise@kde.org</a>"
<br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-rfc2396E" href="mailto:enterprise@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-rfc2396E" href="mailto:enterprise@kde.org" target="_blank"><enterprise@kde.org></a>
<br>
Subject: Re: status of kde/plasma kiosk framework in kf5 <br>
Message-ID:<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-rfc2396E" href="mailto:E1b5WtM-000269-LO@smtprelay03.ispgateway.de" target="_blank"><E1b5WtM-000269-LO@smtprelay03.ispgateway.de></a>
<br>
Content-Type: text/plain; charset=utf-8 <br>
<br>
Hi Thomas, <br>
<br>
just wanted to give you a quick update. I have just merged
the last patch of our big kiosk fixes pile. <br>
<br>
The following fixes will land in the next Plasma and/or kde
frameworks release : <br>
<br>
* Leave option in desktop toolbox honors kiosk restriction <br>
* KRunner will be completely disabled (eg won't start at
all) when restricted, so you can't bypass that by calling
over DBus directly <br>
* Typing on empty desktop will not try to call krunner if
restricted <br>
* krunner history will be disabled if
lineedit_text_completion is restricted <br>
* Kickoff favorites cannot be rearranged/added/removed when
unlockedDesktop is restricted <br>
* Kickoff applications cannot be edited or added as launcher
to task bar when unlockedDesktop is restricted, the "edit
applications" context menu will also be hidden then <br>
* most applets now won't offer context menu entries about
modules restricted via kde control module restrictions.
Clicking would already not do anything as we already block
launching them but we now avoid a dead menu entry <br>
* right-clicking menu bar can no longer bypass "hide
toolbars" restriction <br>
<br>
(Hope I didn't forget anything) <br>
<br>
As for the always-shown Activities entry, can you try
whether action/manage activities=false (note the space)
works? I'm not sure if we handle spaces there properly. <br>
<br>
David is also currently patching all of our applications so
they use the kiosk keys in the documentation (most
erroneously used action/ prefix for everything). <br>
<br>
If you have any further questions or problems, don't
hesitate to ask, we're happy to help you. <br>
<br>
Kai Uwe <br>
<br>
<br>
<br>
<br>
------------------------------ <br>
<br>
Subject: Digest Footer <br>
<br>
_______________________________________________ <br>
Enterprise mailing list <br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-abbreviated" href="mailto:Enterprise@kde.org" target="_blank"></a><a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602moz-txt-link-abbreviated" href="mailto:Enterprise@kde.org" target="_blank">Enterprise@kde.org</a>
<br>
<a class="m_8747275703065756949m_462623188872904060m_-3233344603587579602gmail-m_-2121032653768660815moz-txt-link-freetext" href="https://mail.kde.org/mailman/listinfo/enterprise" target="_blank">https://mail.kde.org/mailman/listinfo/enterprise</a>
<br>
<br>
<br>
------------------------------ <br>
<br>
End of Enterprise Digest, Vol 3, Issue 11 <br>
***************************************** <br>
</blockquote>
<br>
</blockquote>
<br>
</div></div></div>
</div>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</blockquote></div></div>