Looking for a good solution for a hands-free kiosk. (lemmy.zip)

submitted 18 hours ago by Blisterexe@lemmy.zip to c/linux@lemmy.ml

14 comments fedilink hide all child comments

I want to setup a bunch of laptops to be web kiosks, I'll organize my wants into a list so that it's easier to skim:

Open a version of Firefox with the normal ui, tabs and all.
Automatically enters a session with no user input on reboot
Doesn't allow doing anything but interacting with Firefox (kinda obvious, kiosk and all)
Auto-login
Automatic updates, with them being applied on restart
Firefox settings reset on reboot

Nice to haves:

nice Plymouth screen to hide the scary code on startup.
completely block any attempts to change configuration on Firefox
ad-block
easy deployment to a bunch of machines.

If these sound like pretty strict requirements, they are, I'm doing this to attempt to get an internship by making my school's web kiosk laptops not suck (they currently run a janky install of Ubuntu 18.04)

Any help would be greatly appreciated, and I'd be glad to add more information.

you are viewing a single comment's thread
view the rest of the comments

[-] solrize@lemmy.world 7 points 17 hours ago

There's no way to srsly prevent a full-bloat browser from messing with its environment. Make a static VM image and reboot it at the beginning of every session.

[-] rudyharrelson@lemmy.radio 2 points 16 hours ago* (last edited 16 hours ago)

There’s no way to srsly prevent a full-bloat browser from messing with its environment.

Can you elaborate on this? I'm curious as to what manner a browser like Firefox could be exploited in order to affect its environment outside of something like a sandbox escape.

[-] solrize@lemmy.world 2 points 16 hours ago

Tools:preferences, about:config, file downloads, form prefills, remember password, etc. yes you can try to lock everything but it's too easy to miss something. And then there are outright RCEs. There's just too much attack surface.

[-] markstos@lemmy.world 1 points 14 hours ago

I agree. Flatpak could be used to further lockdown what Firefox can do, but it has so much features and complexity that I also expect it to be difficult to successfully lockdown.

I would either start with a product that explicitly has just the features a web-kiosk needs or use something based on ChromeOS, which explicitly has a set of enterprise policies that are there to allow admins to lock down a fleet of Chromebooks as they need.

This is based on the security principle that a system is far more secure if you explicitly allow what you need vs trying to explicitly block or disable all the things you don’t want.

Over time, the features you need to allow your web kiosk needs maybe somewhat static and in your control, while all the features you need to disable in Firefox could be constantly evolving and put of your control if you are keeping Firefox up to date.

this post was submitted on 28 Nov 2024

40 points (97.6% liked)

Linux

48376 readers

752 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz