RHEL7 Gnome 3 Kiosk Configuration

Posted on

I thought it might be useful to start a conversation on creating a kiosk out of the RHEL7 workstation. Here are some of the steps I took to create a basic functionality to that end. Maybe it will help other people, and I can improve the process a bit better?

After creating a kiosk user account:

create a kiosk file for required components
- /var/lib/AccountsService/users/kiosk

[User]
Language=en_US.UTF-8
XSession=kiosk
RequiredComponents=kiosk-app;gnome-settings-daemon;kiosk-shell;
SystemAccount=false
  • enable auto login
/var/lib/AccountsService/users/kiosk

# GDM custom config kiosk mode
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=kiosk
TimedLoginEnable=false

[security]

[xdmcp]

[chooser]

[debug]

Locking down is a little more tricky, but this is what I understand so far.

Disables or enables gnome features such as wifi or banner messages

/org/gnome/login-screen/banner-message-enable
  • /etc/dconf/db/local.d/locks/
[org/gnome/desktop/session]
idle-delay=uint32 0
  • /etc/dconf/db/gdm.d/

check override for values if your kiosk keeps locking
- /usr/share/glib-2.0/schemas/*.override

setting the custom lockout/screensaver idle-delay=uint32 0
- /etc/dconf/db/local.d/00-session

after gnome changes

dconf update

Depending on your environment or how you have things set you may have a custom gnome hardening configuration already. I did most of my idle lock and screen saver adjustments to 00-session and adjusted my standard hardening configuration; everything works well so far and was able to replicate this on another display driver.

My current plan is to walk back the gnome locks in /etc/dconf/db/local.d/locks/ to remove desktop icons; maybe attempt to figure out the right way to remove the top bar? I am by no means a gnome expert so if I am way off base in this please let me know; I'm going to update this when I see some good progress on my end.

Laszlo Coleman's picture

Responses