NAME

malcontent-client - Parental Controls Access Utility

SYNOPSIS

malcontent-client get-app-filter [-q] [-n] [USER]

malcontent-client check-app-filter [-q] [-n] [USER] ARG

malcontent-client set-app-filter [-q] [-n] [USER] ARG

malcontent-client oars-section [-q] [-n] [USER] SECTION

malcontent-client get-session-limits [-q] [-n] [USER]

malcontent-client monitor [-q] [USER]

DESCRIPTION

malcontent-client is a utility for querying and updating the parental controls settings for users on the system. It will typically require administrator access to do anything more than query the current user’s parental controls.

It communicates with accounts-service, which stores parental controls data.

Its first argument is a command to run. The supported commands are documented below.

The command line API and output format are unstable and likely to change in future versions of malcontent-client.

get-app-filter OPTIONS

Get the app filter for a user. For example:

# malcontent-client get-app-filter timmy

USER: Username or ID of the user to get the app filter for. If not specified, the current user will be used by default.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)
-n, --no-interactive: Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

check-app-filter OPTIONS

Check if a given program, content type or flatpak ref is permitted to be used by a user, according to their current app filter. For example:

# malcontent-client check-app-filter timmy $(which gnome-calculator)

# malcontent-client check-app-filter timmy x-scheme-handler/http

# malcontent-client check-app-filter timmy app/com.realm667.WolfenDoom_Blade_of_Agony/x86_64/stable

USER: Username or ID of the user to get the app filter for. If not specified, the current user will be used by default.
ARG: Path to a program, content type or flatpak ref to check against the app filter, to see if it is allowed for the specified user.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)
-n, --no-interactive: Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

set-app-filter OPTIONS

Set the app filter for a user, replacing all previous values in it. For example:

# malcontent-client set-app-filter timmy \
--disallow-user-installation \
$(which gnome-calculator) \
x-scheme-handler/http \
app/com.realm667.WolfenDoom_Blade_of_Agony/x86_64/stable

USER: Username or ID of the user to set the app filter for. If not specified, the current user will be used by default.
ARG: Item to filter in the user’s app filter. This could either be an absolute path or flatpak ref of a program to block; a content type to block all programs handling that type; or an OARS section=value pair to block installation of apps with a more extreme rating for that OARS section. Multiple items may be specified, and they will replace the user’s current app filter in entirety. If zero items are specified, the app filter is cleared.
--allow-user-installation: Allow the user to install flatpaks to their user repository.
--disallow-user-installation: Disallow the user from installing flatpaks to their user repository.
--allow-system-installation: Allow the user to install flatpaks to the system repository.
--disallow-system-installation: Disallow the user from installing flatpaks to the system repository.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)
-n, --no-interactive: Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

oars-section OPTIONS

Get the value set for a specific OARS section from the app filter of the given user. For example:

# malcontent-client oars-section timmy language-profanity

USER: Username or ID of the user to get the OARS filter for. If not specified, the current user will be used by default.
SECTION: OARS section to get the restriction level of the given user for. For example, language-profanity.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)
-n, --no-interactive: Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

get-session-limits OPTIONS

Get the session limits set for a user. For example:

# malcontent-client get-session-limits timmy

USER: Username or ID of the user to get the session limits for. If not specified, the current user will be used by default.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)
-n, --no-interactive: Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)
--now yyyy-mm-ddThh:mm:ssZ: Check session limits (in particular, session expiry time) against the given date/time, provided in ISO 8601 format. (Default: Current date/time.)

monitor OPTIONS

Monitor changes to the parental controls settings for a specific user. For example:

# malcontent-client monitor timmy

USER: Username or ID of the user to monitor the parental controls for. If not specified, the current user will be used by default.
-q, --quiet: Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

ENVIRONMENT

malcontent-client supports the standard GLib environment variables for debugging. These variables are not intended to be used in production:

$G_MESSAGES_DEBUG: This variable can contain one or more debug domain names to display debug output for. The value all will enable all debug output. The default is for no debug output to be enabled.

EXIT STATUS

malcontent-client may return one of several error codes if it encounters problems.

0: No problems occurred. The utility ran and successfully queried the app filter. If running the check-app-filter command, the given path, content type or flatpak ref was allowed for the given user.
1: An invalid option was passed to malcontent-client on startup.
2: The current user was not authorized to query the app filter for the given user.
3: If running the check-app-filter command, the given path, content type or flatpak ref was not allowed for the given user.
4: Malcontent is disabled at the system level, and hence parental controls are not enabled or enforced.
5: An operation failed and no more specific error information is available.

BUGS

Any bugs which are found should be reported on the project website:
https://gitlab.freedesktop.org/pwithnall/malcontent/-/issues

AUTHOR

Endless Mobile, Inc.

COPYRIGHT

27 Oct 2020

1.2