The following is a review of the new parental control features coming to GNOME and what we need to do to ensure it is well integrated into Ubuntu desktop. This page may become out of date as new information is learnt or projects develop.
- The parental controls project is Malcontent, developed by Endless, primary developer Philip Withnall.
- Uses an AccountsService vendor extension to store policy on user accounts:
$ gdbus call --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts/User1001 --method org.freedesktop.DBus.Properties.Get 'com.endlessm.ParentalControls.AppFilter' 'AppFilter' (<(false, ['app/org.gnome.Calculator/x86_64/stable'])>,)
- The app filter (example above) contains either Flatpak refs (
app/org.gnome.Calculator/x86_64/stable) or full paths (
/usr/bin/gnome-calculator). It does not use/support AppStream IDs, desktop IDs or Snap names at this time.
- Applications or services that provide access to content that should be filtered need to access AccountsService to check the filters - malcontent helps to put barriers up to users but doesn’t guarantee that content is not accessible.
- The malcontent project provides a graphical tool for configuring parental controls. It only shows apps that are Flatpaks (detected using the
X-Flatpakkey in the desktop file) or desktop files that have to
X-Parental-Controlskey set to anything other than
- gnome-shell checks the filters to limit what applications are shown.
gnome-control-center filters the applications panel using malcontent. The user panel shows parental control status and launches the malcontent tool when selected:
- gnome-software filters applications both locally and remotely (based on OARS ratings).
- The Flatpak command line tool filters applications both locally and remotely.
- There is a PAM module (part of malcontent project) that acts on the malcontent time restrictions.
What integrations we may need in Ubuntu
- Ensure that gnome-shell, gnome-software and gnome-control-center are all compiled with malcontent support. This will require malcontent to be in main.
- We will need to distribute the malcontent PAM module by default if we want time restrictions.
- We may want to modify the
snap runcommand to check malcontent (otherwise users can get around the limitation if they use the command line).
- To make snaps show up in the malcontent configuration tool we need snaps to set the
X-Parental-Controlkey set in snap .desktop files OR we need to make malcontent understand snap desktop files (using the
- If we want OARS content rating support with snaps, this would need integration end-to-end from the Snap Store service to snapd and any snapd clients (e.g. the Snap Store app).