Schlagwort-Archive: SoK

Season of KDE (3) – KDE Action Restrictions

To have a working KIOSK tool again, Confine needs to support another key feature of the KIOSK framework: KDE Action Restrictions.

A KDE Application can check if a certain Action is allowed. For example the action logout could be forbidden. So every time the logout action is performed, an application checks, if this action is allowed. Thus a user can still use an application, but certain actions are restricted to him.

These settings are stored in the kdeglobals file, in your KDE profile directory.

For my season of KDE project I had to compile a list of all currently used KDE Action Restrictions. I did a quick search throughout all KDE projects for the use of the KAuthorized framework and published my results in the confine repository. Although Confine is not finished yet, you might found this list beneficial, if you want to configure KIOSK restrictions manually.

Still a lot of KDE applications don’t support KDE Action Restrictions (anymore). For a revival of the whole KIOSK concept it would be highly beneficial, if more application are starting to use KDE Action Restrictions.

Seasons of KDE (2)

As mentioned in my earlier post, the KIOSK framework changed a lot between KDE3 and Plasma. So using the old code and simply port it to kf5 was not an option. My Mentor suggested, I start implementing profile support, which is one of the key feature of KIOSK.
Profiles have a special meaning in KDE, they are directories, were configuration files are being stored. This way you can give a specific user, or a group a certain set of configurations. A useful feature for system administration. In the old days, this was done via /etc/kderc, which saves the profiles, and via a second configuration file to store a mapping between the profiles and the user. For a more detailed explanation have a look at this.
But in kf5 things changed: profiles are now set via environment variables XDG_CONFIG_DIRS and XDG_CONFIG_HOME . These variables contain a list of possible configuration directories. The first entry has top priority, so every program tries to take their configuration from this directory. If no config file could be found, the program looks in the second directory and so on. XDG_CONFIG_HOME takes priority over XDG_CONFIG_DIRS, except for some global configuration options (e.g. kdeglobal).
This fundamental change affects the design for Confine. Suddenly every user can have multiple profiles with different priorities. And this environment variable has to be stored somewhere. Ubuntu has a good guide for this, but things might be different for different distributions, and to make things worse, they might be different for different users, as they use different shells. So the place, where to store these environment variables has to be stored for every user.