• Pantherina@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Yes, very good and always on VNC solutions for these desktops need to be there.

    I will do this, I swear. Not sure when haha, but this is so nice. It should start as a ublue spin, they do a great job.

    So:

    • Fedora Silverblue Ublue
    • non wheel user
    • preinstall addons
    • maybe some UI-resetting method (idea: have a second inaccessible profile and override UI changes with that on system boot)
    • preinstall Flatpaks: Flathub, Firefox, Libreoffice, Thunderbird, Pinta, some video player, loupe
    • maybe some apps through distrobox, depending on the school (here is where the ugly part begins)
    • wayvnc + novnc + dynDNS for remote management
    • automatic updates (polkit rule) but nothing else
    • hardened firewall and no exceptions.
    • selinux confined user?
    • parental controls maybe?
    • smb mounting etc allowed. Maybe encrypted folders for personal storage (school account stuff)
    • policies for locking firefox and thunderbird.

    Creating restricted systems is weird though. In Windows it seems every part is intended to be locked down. Linux was never created as such a platform, but I think it could match certain standards.