Secure Kiosk Mode


I am searching how to launch an app in kiosk mode. I have looked at this tutorial How to create your first recipe and enable auto-start using systemd which explains how to launch an app at boot.

I also looked at this tutorial Web Application for Interactive Kiosk Devices but it seems that if you close the browser you still have access to the rest of the device.

My app is either a python app running tkinter or a QT based app.

What is the solution to secure my device ?

Best regards

Hi @Austriker that is a pretty broad question. I know that Chromium has a kiosk mode built in but that is only part of the security implementation on a device. What kind of access are you trying to prohibit? just exiting the GUI doesn’t necessarily provide access to the device but you really need to define what kind of attacks are you explicitly looking to protect against.

If your writing an application with a UI toolkit/framework, then most will have the ability to override/implement callbacks for their quit/exit/close event hooks, If you want a locked in kiosk mode app that is.
If you worried about app crashing then also update your systemd service unit file with required Restart= policy

I want to have it full screen and avoid when it crashes to have access to the desktop behind. Limit access through someone that plugs a keyboard on the computer. For example avoid windows + T to acces the terminal.

I avoid all of this by not having a desktop installed at all as my programming language (Java) supports running apps on x11 or hardware accelerated framebuffer directly. I use the latter to avoid the unnecessary overhead of x11. I’d bet Qt has the same type of support.