I am putting a(nother) LibreELEC media server on RaspberryPi5 into a "configuration meddling hostile environment"... the one that went there first has had the file selection menus all messed up and some configurations changed that shouldn't have been...
Are there any guides out there for how to lock down the system so that the users can browse, select and play the onboard media, but otherwise not manipulate the configurations in any way without a password?
In short, there is no "restricted/secure" GUI mode in Kodi suited for Kiosk use. If I needed to do this for myself I would probably look into tweaking the skin so accessing problem navigation/settings options requires the skin to be in expert mode; then ship the skin in basic mode and have a systemd service that runs on startup (before Kodi.target) to sed the guisettings.xml file to forcibly reset the skin mode back to basic (or if there are multiple settings to reset, a bash script that handles them all). Then in theory "turning it off and on again" will restore the system to a known state. Taking that contept to a more extreme level you could have systemd run a script that erases /storage/.kodi and restores a pre-configured environment from a .tar flie on each boot. I'd invest more time and effort in ensuring the system powers up in a known state than in trying to prevent fiddling in the first place.
Thanks... in this environment I'd like to avoid power cycles, but it's definitely a step in the right direction to be able to reset using them. Reddit has a lot of questions around kiosk mode for Kodi, but the answers sort of vaguely point at the Aeon Nox skin and don't seem to get "all the way there..."
It feels like the missing piece is requiring a password to take the skin out of Basic mode - is that really a difficult thing for a developer to do? It wouldn't have to be a high security password, having the secret defined in a config file would be enough, and for my use case even having a standard password in the distro, something like: "letmein", would do the job.
So, basically I'm starting here: https://kodi.wiki/view/HOW-TO:Es…nt_for_skinning and ripping out everything that can cause trouble. The only real trick I've turned is in the keymap.xml:
<keymap>
<global>
<keyboard>
<F5>ReloadSkin()</F5>
<F7>ActivateWindow(settings)</F7>
<F8>Skin.ToggleDebug()</F8>
</keyboard>
</global>
</keymap>that way I can use F7 to get back to Settings and reload the original skin if I ever mess up too bad. Then, when I've got it fully locked down I can remove the keymap.xml and the thing is locked, and if I ever want to get back in and modify it, I can ssh in, replace keymap.xml, F7 and switch to the original Estuary skin to do whatever I need to do.
Kodi has "profile" support, but I understand it to be more about how to manage different sources/libraries for different users than security lockdown capabilities, and it's one of the more unloved areas of the Kodi codebase so you should expect inconsistencies and quirks on implementation. It might help, or it might not (not something I use so can't really speak from experience).
I've actually gotten pretty far with the above by copying the Estuary skin to a new name, then ssh-ing in to the new skin and blowing away the stuff I don't want (using the above keymap to help get around on the skin side) - a lot of things I didn't want got turned off in Settings, then Settings itself isn't accessible (other than through the temporary keymap) due to the removals of settings access points in the skin.
This is definitely more of a one-off project than something easily bundled to ship for others to use, but for people who can get around an ssh connection and edit xml files, it's not too hard to do.
So, with a combination of settings, skin removals, node removals, and keymap mods I think it's fully secured. Time will tell.
Help I got from the Kodi forums is in this thread: https://forum.kodi.tv/showthread.php?tid=376699