Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

11.3. Locking Down Enabled Extensions

In GNOME Shell, you can prevent the user from enabling or disabling extensions by locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys.
Locking down the org.gnome.shell.development-tools key ensures that the user cannot use GNOME Shell's integrated debugger and inspector tool (Looking Glass) to disable any mandatory extensions.

Procedure 11.3. Locking down enabled extensions

  1. Create a local database file for machine-wide settings in /etc/dconf/db/local.d/00-extensions:
    [org/gnome/shell]
    # List all extensions that you want to have enabled for all users
    enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com']
    # Disable access to Looking Glass
    development-tools=false
    
    The enabled-extensions key specifies the enabled extensions using the extensions' uuid (myextension1@myname.example.com and myextension2@myname.example.com).
    The development-tools key is set to false to disable access to Looking Glass.
  2. Override the user's setting and prevent the user from changing it in /etc/dconf/db/local.d/locks/extensions:
    # Lock the list of mandatory extensions and access to Looking Glass
    /org/gnome/shell/enabled-extensions
    /org/gnome/shell/development-tools
    
  3. Update the system databases:
    # dconf update
  4. Users must log out and back in again before the system-wide settings take effect.
After locking down the org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys, any extensions installed in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions that are not listed in the org.gnome.shell.enabled-extensions key will not be loaded by GNOME Shell, thus preventing the user from using them.