<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div dir="ltr">
<div bgcolor="#FFFFFF">
<p>Hello mighty plasma developers!</p>
<p>I just wanted to give you a short update on the status of the
kiosk framework in kde/plasma 5.8.4 and I'm hoping for a
little feedback from you ;-)<br>
</p>
<p><br>
</p>
<p>With all of the following restrictions in place my users are
still able to see at least one context menu entry on every
widget in the main panel. <br>
</p>
<p><br>
</p>
<p>Still showing context menus (or parts of them) are:<br>
</p>
<p>- Menu for "Edit Applications" in the launcher called
"Anwendungsübersicht" and "Anwendungsmenü" (it's working in
"Anwendungs-Starter")<br>
</p>
<p>- device manager</p>
<p>- date and time</p>
<p>- network settings</p>
<p>- konsole (launcher icon)<br>
</p>
<p><br>
</p>
<p>these are the current restrictions:</p>
<p>------------------------------------------------------<br>
</p>
<p>[KDE Action Restrictions][$i]<br>
<br>
action/switch_user=false<br>
action/lock_screen=false<br>
action/logout=false<br>
action/kwin_rmb=false</p>
<p>action/plasma/containment_actions=false</p>
<p>action/run_command=false<br>
action/options_show_toolbar=false<br>
plasma/plasmashell/unlockedDesktop=false<br>
plasma/allow_configure_when_locked=false<br>
plasma-desktop/add_activities=false<br>
unlockedDesktop=false<br>
logout=false<br>
movable_toolbars=false<br>
run_command=false<br>
start_new_session=false</p>
<p>shell_access=false<br>
------------------------------------------------------<br>
</p>
<p><br>
</p>
<p>I also found out that restricting the user from entering any
other folder than $home (kde url restrictions) is working
very well for typical kde applications. </p>
<p>libreoffice (even when using the kde file open dialogs -
libreoffice kde integration) still allows entering any folder
you like..</p>
<p><br>
</p>
<p>i also kinda hacked my own secure environment where shell
access is not allowed by placing a .desktop file
in .local/share/kservices5/ServiceMenus/ that allows me to
open a terminal in the current folder ^^</p>
<p>dolphin shouldn't allow this.. right?<br>
</p>
<p>_______________________</p>
<p>[Desktop Entry]</p>
<p>Type=Service</p>
<p>Icon=konsole</p>
<p>Actions=openterminal</p>
<p>X-KDE-Priority=TopLevel</p>
<p>ServiceTypes=KonqPopupMenu/Plugin,inode/directory,inode/directory-locked</p>
<p><br>
</p>
<p>[Desktop Action openterminal]</p>
<p>Exec=/usr/bin/konsole --workdir %U</p>
<p>Icon=konsole</p>
<p>Name=Open Terminal Here</p>
<p>______________________________</p>
<p><br>
</p>
<p><br>
</p>
<p>i even placed an xorg.conf file to suppress opening ttys
(works as expected) but this little desktop file above did the
job :-) </p>
<p>__________________________ </p>
<p>Section "ServerFlags"</p>
<p> Option "DontVTSwitch" "true"</p>
<p>EndSection</p>
<p>__________________________</p>
<p><br>
</p>
<p><br>
</p>
<p>Should i make a bug report out of this ?</p>
<p>Getting dolphin's places panel locked too when other
toolbars are locked - is this a feature request or a bug report?</p>
<p>it is really hard to lockdown a system completely.. if i'm
done with it i'm definitely going to write an extensive howto
and a little program :-)</p>
<p>thank you very much in advance.</p>
<p>thomas w.</p>
<p><br>
</p>
<p>PS: i am working on a plasma based "secure exam environment"
(for austrian schools) which i'm going to present at the "day
of digital education" at klagenfurt's university in 2 months.</p>
<p>nothing special...just a few shell scripts with a small UI
(most of it is kdialog for now) and a lot of preconfigured
files - but it heavily relies on the kiosk framework and the
live usb installation i'm already using in my school.. <br>
</p>
<p>i'm just working out the kinks.. it's almost ready to go.. <br>
</p>
<p>wouldn't be possible without you.. so thx again!</p>
<div class="gmail-m_-2121032653768660815moz-cite-prefix">On
25.05.2016 16:16, Mag. Weissel Thomas wrote:<br>
</div>
<blockquote type="cite">hello everybody.. <br>
<br>
first of all... wow! this list of fixes is awesome.. thank
you! <br>
<br>
i have a question about this "hide toolbars" restriction.. <br>
<br>
<br>
as you can see in the following screenshot (testing with
dolphin 16.04.0) <br>
<br>
<a class="gmail-m_-2121032653768660815moz-txt-link-freetext"
href="http://test.xapient.net/STUFF/dolphin.jpg"
target="_blank">http://test.xapient.net/STUFF/<wbr>dolphin.jpg</a>
<br>
<br>
i tried to restrict unlocking the toolbar (look at the
terminal) <br>
also visible in the screenshot is, that "lock toolbar
positions" is not checked but the handle for moving <br>
the toolbars is hidden.. so it works! although the menu
entry to unlock is still there... <br>
<br>
you can also see that "show toolbar" (rightclick on the
toolbar) and "Main Toolbar" (rightclick on the menubar) is
still visible so hiding the toolbar is possible... <br>
i'm a little bit confused because i read what kai wrote and it
seems that on his installation only the entry in the menubar
context menu is/was visible.. <br>
are we talking about the same thing here? just checking! <br>
<br>
<br>
i tested: <br>
action/manage activities=false <br>
<br>
and it properly hides all entries to configure activities..
"Meta+Q" doesn't open the activities configuration panel
either... yay!! <br>
but "Meta+Tab" shows the activity switcher... holding down
"Meta" and using the mouse on the activity switcher lets me
open the configure dialog.. no configurations are stored so
this is not a big problem.. <br>
<br>
best regards, <br>
thomas <br>
<br>
<br>
<br>
<br>
On 2016-05-25 at 14:00, <a
class="gmail-m_-2121032653768660815moz-txt-link-abbreviated"
href="mailto:enterprise-request@kde.org" target="_blank">enterprise-request@kde.org</a> wrote:
<br>
<blockquote type="cite">
Message: 1 <br>
Date: Wed, 25 May 2016 11:22:32 +0200 <br>
From: Kai Uwe Broulik <a
class="gmail-m_-2121032653768660815moz-txt-link-rfc2396E"
href="mailto:kde@privat.broulik.de" target="_blank">&lt;kde@privat.broulik.de&gt;</a>
<br>
To: Plasma <a
class="gmail-m_-2121032653768660815moz-txt-link-rfc2396E"
href="mailto:plasma-devel@kde.org" target="_blank">&lt;plasma-devel@kde.org&gt;</a>, <a
class="gmail-m_-2121032653768660815moz-txt-link-rfc2396E"
href="mailto:enterprise@kde.org" target="_blank">"enterprise@kde.org"</a>
<a
class="gmail-m_-2121032653768660815moz-txt-link-rfc2396E"
href="mailto:enterprise@kde.org" target="_blank">&lt;enterprise@kde.org&gt;</a>
<br>
Subject: Re: status of kde/plasma kiosk framework in kf5 <br>
Message-ID: <a
class="gmail-m_-2121032653768660815moz-txt-link-rfc2396E"
href="mailto:E1b5WtM-000269-LO@smtprelay03.ispgateway.de"
target="_blank">&lt;E1b5WtM-000269-LO@smtprelay03.ispgateway.de&gt;</a>
<br>
Content-Type: text/plain; charset=utf-8 <br>
<br>
Hi Thomas, <br>
<br>
just wanted to give you a quick update. I have just merged
the last patch of our big kiosk fixes pile. <br>
<br>
The following fixes will land in the next Plasma and/or kde
frameworks release: <br>
<br>
* Leave option in desktop toolbox honors kiosk restriction <br>
* KRunner will be completely disabled (eg won't start at
all) when restricted, so you can't bypass that by calling
over DBus directly <br>
* Typing on empty desktop will not try to call krunner if
restricted <br>
* krunner history will be disabled if
lineedit_text_completion is restricted <br>
* Kickoff favorites cannot be rearranged/added/removed when
unlockedDesktop is restricted <br>
* Kickoff applications cannot be edited or added as launcher
to task bar when unlockedDesktop is restricted, the "edit
applications" context menu will also be hidden then <br>
* most applets now won't offer context menu entries about
modules restricted via kde control module restrictions.
Clicking would already not do anything as we already block
launching them but we now avoid a dead menu entry <br>
* right-clicking menu bar can no longer bypass "hide
toolbars" restriction <br>
<br>
(Hope I didn't forget anything) <br>
<br>
As for the always-shown Activities entry, can you try
whether action/manage activities=false (note the space)
works? I'm not sure if we handle spaces there properly. <br>
<br>
David is also currently patching all of our applications so
they use the kiosk keys in the documentation (most
erroneously used action/ prefix for everything). <br>
<br>
If you have any further questions or problems, don't
hesitate to ask, we're happy to help you. <br>
<br>
Kai Uwe <br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
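<p>Added example, not part of the original mail or of KDE's code: an audit
script for the bypass described above, where a .desktop file in
.local/share/kservices5/ServiceMenus/ opens konsole although
shell_access=false is set. The function names, the SHELL_CAPABLE list and the
sample files it builds are assumptions constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: audit a kiosk account for terminal-launching service menus.
# SHELL_CAPABLE is an assumed, non-exhaustive list; extend it for your image.
SHELL_CAPABLE='konsole xterm yakuake uxterm sh bash dash zsh'

# Succeeds if FILE sets shell_access=false in [KDE Action Restrictions].
shell_access_restricted() {
    awk '/^\[/ { grp = ($0 ~ /^\[KDE Action Restrictions\]/) }
         grp && /^shell_access[ \t]*=[ \t]*false[ \t]*$/ { hit = 1 }
         END { exit !hit }' "$1"
}

# Print "file: Exec line" for each .desktop file in DIR whose Exec= program
# (first word, directory part stripped) is on the SHELL_CAPABLE list.
audit_service_menus() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue
        grep '^Exec=' "$f" | while IFS= read -r line; do
            cmd=${line#Exec=}; cmd=${cmd%% *}; cmd=${cmd##*/}
            for bad in $SHELL_CAPABLE; do
                if [ "$cmd" = "$bad" ]; then printf '%s: %s\n' "$f" "$line"; fi
            done
        done
    done
}

# Build a constructed sample: the restriction and the service menu from the
# mail, plus one harmless menu (hypothetical) that must not be reported.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/ServiceMenus"
    printf '%s\n' '[KDE Action Restrictions][$i]' 'shell_access=false' \
        > "$d/kdeglobals"
    printf '%s\n' '[Desktop Entry]' 'Type=Service' 'Actions=openterminal' \
        '[Desktop Action openterminal]' 'Exec=/usr/bin/konsole --workdir %U' \
        > "$d/ServiceMenus/term.desktop"
    printf '%s\n' '[Desktop Entry]' 'Type=Service' 'Actions=zip' \
        '[Desktop Action zip]' 'Exec=ark --add %F' > "$d/ServiceMenus/zip.desktop"
    echo "$d"
}

sample=$(make_sample)
if shell_access_restricted "$sample/kdeglobals"; then
    audit_service_menus "$sample/ServiceMenus"   # reports term.desktop only
fi
rm -rf "$sample"
```

<p>An Exec= line can reach a shell through a wrapper that is not on the list,
so a clean result only rules out the obvious cases.</p>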
</div>
</div>
</body>
</html>