man(8) malcontent-client man page man(8) NAME malcontent-client - Parental Controls Access Utility SYNOPSIS malcontent-client get-app-filter [-q] [-n] [USER] malcontent-client check-app-filter [-q] [-n] [USER] ARG malcontent-client set-app-filter [-q] [-n] [USER] ARG malcontent-client oars-section [-q] [-n] [USER] SECTION malcontent-client get-session-limits [-q] [-n] [USER] malcontent-client monitor [-q] [USER] DESCRIPTION malcontent-client is a utility for querying and updating the parental controls settings for users on the system. It will typically require administrator access to do anything more than query the current user's parental controls. It communicates with accounts-service, which stores parental controls data. Its first argument is a command to run. The supported commands are documented below. The command line API and output format are unstable and likely to change in future versions of malcontent-client. get-app-filter OPTIONS Get the app filter for a user. For example: # malcontent-client get-app-filter timmy USER Username or ID of the user to get the app filter for. If not specified, the current user will be used by default. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) -n, --no-interactive Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.) check-app-filter OPTIONS Check if a given program, content type or flatpak ref is permitted to be used by a user, according to their current app filter. For example: # malcontent-client check-app-filter timmy $(which gnome-calculator) # malcontent-client check-app-filter timmy x-scheme-handler/http # malcontent-client check-app-filter timmy app/com.realm667.WolfenDoom_Blade_of_Agony/x86_64/stable USER Username or ID of the user to get the app filter for. If not specified, the current user will be used by default. ARG Path to a program, content type or flatpak ref to check against the app filter, to see if it is allowed for the specified user. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) -n, --no-interactive Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.) set-app-filter OPTIONS Set the app filter for a user, replacing all previous values in it. For example: # malcontent-client set-app-filter timmy \ --disallow-user-installation \ $(which gnome-calculator) \ x-scheme-handler/http \ app/com.realm667.WolfenDoom_Blade_of_Agony/x86_64/stable USER Username or ID of the user to set the app filter for. If not specified, the current user will be used by default. ARG Item to filter in the user's app filter. This could either be an absolute path or flatpak ref of a program to block; a content type to block all programs handling that type; or an OARS section=value pair to block installation of apps with a more extreme rating for that OARS section. Multiple items may be specified, and they will replace the user's current app filter in entirety. If zero items are specified, the app filter is cleared. --allow-user-installation Allow the user to install flatpaks to their user repository. --disallow-user-installation Disallow the user from installing flatpaks to their user repository. --allow-system-installation Allow the user to install flatpaks to the system repository. --disallow-system-installation Disallow the user from installing flatpaks to the system repository. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) -n, --no-interactive Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.) oars-section OPTIONS Get the value set for a specific OARS section from the app filter of the given user. For example: # malcontent-client oars-section timmy language-profanity USER Username or ID of the user to get the OARS filter for. If not specified, the current user will be used by default. SECTION OARS section to get the restriction level of the given user for. For example, language-profanity. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) -n, --no-interactive Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.) get-session-limits OPTIONS Get the session limits set for a user. For example: # malcontent-client get-session-limits timmy USER Username or ID of the user to get the session limits for. If not specified, the current user will be used by default. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) -n, --no-interactive Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.) --now yyyy-mm-ddThh:mm:ssZ Check session limits (in particular, session expiry time) against the given date/time, provided in ISO 8601 format. (Default: Current date/time.) monitor OPTIONS Monitor changes to the parental controls settings for a specific user. For example: # malcontent-client monitor timmy USER Username or ID of the user to monitor the parental controls for. If not specified, the current user will be used by default. -q, --quiet Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.) ENVIRONMENT malcontent-client supports the standard GLib environment variables for debugging. These variables are not intended to be used in production: $G_MESSAGES_DEBUG This variable can contain one or more debug domain names to display debug output for. The value all will enable all debug output. The default is for no debug output to be enabled. EXIT STATUS malcontent-client may return one of several error codes if it encounters problems. 0 No problems occurred. The utility ran and successfully queried the app filter. If running the check-app-filter command, the given path, content type or flatpak ref was allowed for the given user. 1 An invalid option was passed to malcontent-client on startup. 2 The current user was not authorized to query the app filter for the given user. 3 If running the check-app-filter command, the given path, content type or flatpak ref was not allowed for the given user. 4 Malcontent is disabled at the system level, and hence parental controls are not enabled or enforced. 5 An operation failed and no more specific error information is available. BUGS Any bugs which are found should be reported on the project website: https://gitlab.freedesktop.org/pwithnall/malcontent/-/issues AUTHOR Endless Mobile, Inc. COPYRIGHT Copyright (C) 2018 Endless Mobile, Inc. 1.2 27 Oct 2020 man(8)