11.3. Locking Down Enabled Extensions
In GNOME Shell, you can prevent the user from enabling or disabling extensions by locking down the
org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys.
Locking down the
org.gnome.shell.development-tools key ensures that the user cannot use GNOME Shell's integrated debugger and inspector tool (Looking Glass) to disable any mandatory extensions.
Procedure 11.3. Locking down enabled extensions
- Create a
localdatabase file for machine-wide settings in/etc/dconf/db/local.d/00-extensions:[org/gnome/shell] # List all extensions that you want to have enabled for all users enabled-extensions=['myextension1@myname.example.com', 'myextension2@myname.example.com'] # Disable access to Looking Glass development-tools=false
Theenabled-extensionskey specifies the enabled extensions using the extensions' uuid (myextension1@myname.example.com and myextension2@myname.example.com).Thedevelopment-toolskey is set to false to disable access to Looking Glass. - Override the user's setting and prevent the user from changing it in
/etc/dconf/db/local.d/locks/extensions:# Lock the list of mandatory extensions and access to Looking Glass /org/gnome/shell/enabled-extensions /org/gnome/shell/development-tools
- Update the system databases:
#dconf update - Users must log out and back in again before the system-wide settings take effect.
After locking down the
org.gnome.shell.enabled-extensions and org.gnome.shell.development-tools keys, any extensions installed in ~/.local/share/gnome-shell/extensions or /usr/share/gnome-shell/extensions that are not listed in the org.gnome.shell.enabled-extensions key will not be loaded by GNOME Shell, thus preventing the user from using them.
