libmalcontent implements parental controls support which can be used by applications to filter or limit the access of child accounts to inappropriate content.
Go to file
Philip Withnall bffab0942f malcontent-control: Move the app restrictions into a separate dialogue
Rather than having a scrollable listbox within a scrollable list of
widgets, move the listbox out to a separate dialogue.

This involves separating out all the code to query the apps, to get and
to set the app filter, from `MctUserControls` out into the new
`MctRestrictApplicationsSelector`. Most of it is unchanged, aside from
its interaction with the filter: the filter is now provided to the
widget by the calling code, rather than being queried by the widget
itself. The widget’s status can be queried into an
`MctAppFilterBuilder`, rather than being used to set the app filter
directly.

This commit redesigns the appearance of the relevant widgets in the main
window so that they follow the new list-box-like visual design. A
following commit will apply similar changes to the other widgest in the
main screen.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-02-03 17:29:17 +00:00
accounts-service libmalcontent: Add a SessionLimits interface for time-limited sessions 2020-01-16 13:17:45 +00:00
libmalcontent libmalcontent: Add type macros for boxed types 2020-02-03 17:29:17 +00:00
malcontent-client docs: Mention that malcontent-client command line API is unstable 2020-01-17 11:24:32 +00:00
malcontent-control malcontent-control: Move the app restrictions into a separate dialogue 2020-02-03 17:29:17 +00:00
pam tests: Add pam_malcontent.so tests 2020-01-16 13:27:17 +00:00
po malcontent-control: Move the app restrictions into a separate dialogue 2020-02-03 17:29:17 +00:00
subprojects build: Force libglib-testing to link statically 2018-12-20 17:44:45 +00:00
tools build: Port meson-make-symlink script to Python 2019-12-02 22:57:13 +08:00
.gitlab-ci.yml malcontent-control: Reformat and rename code from gnome-control-center 2020-01-29 15:31:42 +00:00
.gitmodules tests: Add comprehensive tests for libeos-parental-controls 2018-12-20 13:01:01 +00:00
COPYING Initial commit of README and COPYING 2018-09-24 15:35:58 +01:00
NEWS Release version 0.4.0 2019-06-17 11:57:35 +01:00
README.md docs: Update list of dependencies in README.md 2019-10-30 14:38:24 +00:00
malcontent.doap docs: Port README to Markdown and update a few references 2019-02-26 17:48:03 +00:00
meson.build malcontent-control: Add initial skeleton application 2020-01-29 15:07:15 +00:00
meson_options.txt pam: Add a `pam_malcontent.so` module to enforce time-limited sessions 2020-01-16 13:27:17 +00:00
template.test.in libeos-parental-controls: Add placeholder unit tests 2018-10-06 00:48:36 +01:00

README.md

malcontent

malcontent implements support for restricting the type of content accessible to non-administrator accounts on a Linux system. Typically, when this is used, a non-administrator account will be for a child using the system; and the administrator accounts will be for the parents; and the content being filtered will be apps which are not suitable for the child to use, due to (for example) being too violent.

It provides an accounts-service vendor extension for storing an app filter to restrict the childs access to certain applications; and a simple library for accessing and applying the app filter. This results in the policy being stored in /var/lib/AccountsService/users/${user}, which is a key file readable and writable only by the accounts-service daemon. Access to the data is mediated through accounts-services D-Bus interface, which libmalcontent is a client library for.

All the library APIs are currently unstable and are likely to change wildly.

Two kinds of policy are currently supported:

  • A filter specifying whether installed applications are allowed to be run; this is typically set up to restrict access to a limited set of already-installed applications — but it can be set up to only allow access to a fixed list of applications and deny access to all others. Applications which are not currently installed are not subject to this filter.
  • A set of mappings from OARS categories to the maximum ratings for those categories which are permissible for a user to install apps with. For example, a mapping of violence-realistic=mild would prevent any applications containing more than mild violence from being installed. Applications which are already installed are not subject to this filter.

Additional policies may be added in future, such as filtering by content type or limiting the amount of time a user is allowed to use the system for.

Any application or service which provides the user with access to content which should be parentally filtered is responsible for querying the users parental controls filter and refusing to provide the content if not permitted by the filter. This could mean refusing to launch a flatpak app, hiding a search result in gnome-shell, or hiding an app in gnome-software because of its high OARS rating.

A sufficiently technically advanced user may always work around these parental controls. malcontent is not a mandatory access control (MAC) system like AppArmor or SELinux. However, its correct use by applications should provide enough of an obstacle to prevent users easily or accidentally having access to content which they shouldnt.

Example usage

malcontent ships a malcontent-client application which can be used to get and set parental controls policies for users.

$ # This sets the parental controls policy for user philip to allow no \\
    installation of apps with anything more than none for realistic violence, \\
    and to blacklist running the org.freedesktop.Bustle flatpak:
$ malcontent-client set philip \\
    violence-realistic=none \\
    app/org.freedesktop.Bustle/x86_64/stable
App filter for user 1000 set

With that policy in place, other applications which are aware of malcontent will apply the policy:

$ flatpak run org.freedesktop.Bustle
error: Running app/org.freedesktop.Bustle/x86_64/stable is not allowed by the policy set by your administrator

Dependencies

  • accounts-service
  • dbus-daemon
  • gio-2.0 ≥ 2.60
  • gio-unix-2.0 ≥ 2.60
  • glib-2.0 ≥ 2.60
  • gobject-2.0 ≥ 2.60
  • polkit-gobject-1

Licensing

All code in this project is licensed under LGPL-2.1+. See COPYING for more details.

Bugs

Bug reports and patches should be filed in GitLab.