Petr Kovar pknbe@volny.cz 2014 Disallow the user to enable or disable GNOME Shell extensions. Lock down enabled extensions

In GNOME Shell, you can prevent the user from enabling or disabling extensions by locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys. This allows you to provide a set of extensions that the user has to use.

Locking down the org.gnome.shell.development-tools key ensures that the user cannot use GNOME Shell’s integrated debugger and inspector tool (Looking Glass) to disable any mandatory extensions.

Lock down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys

Create a user profile in /etc/dconf/profile/user:

user-db:user system-db:local

Create a local database for machine-wide settings in /etc/dconf/db/local.d/00-extensions:

[org/gnome/shell] # List all extensions that you want to have enabled for all users enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com'] # Disable access to Looking Glass development-tools=false

The enabled-extensions key specifies the enabled extensions using the extensions’ uuid (myextension1@myname.example.com and myextension2@myname.example.com).

The development-tools key is set to false to disable access to Looking Glass.

Override the user’s setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/extensions:

# Lock the list of enabled extensions /org/gnome/shell/enabled-extensions /org/gnome/shell/development-tools

After locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys, any extensions installed in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions that are not listed in the org.gnome.shell.enabled-extensions key will not be loaded by GNOME Shell, thus preventing the user from using them.