Need an interface to lock the screen

I am working on an app that is able to remotely lock the screen of a user. case: you forgot to lock your desktop when you went for lunch/coffee and want to make sure your laptop is locked.

Different desktop environments have different service names to lock the screen:

on KDE: org.kde.screensaver
on Unity and GNOME: org.gnome.ScreenSaver

Regarding path:

on KDE and GNOME: /ScreenSaver
on Unity: /com/canonical/Unity/Session

The dbus interfaces are:

KDE: org.freedesktop.ScreenSaver
Unity: com.canonical.Unity.Session
GNOME: org.gnome.ScreenSaver

I put more organized info here:

Thank you, we will investigate the security impact of the interface and either add this to one of the existing interfaces or create a new, dedicated interface.

@jdstrand Would you be able to give a hand on this one as well?

Is there a reason for us to not expose this with the desktop interface itself, assuming it only allows locking?

I can look at it. We allow inhibit already so Lock doesn’t seem unreasonable OTOH.

1 Like

Two requirements to make it usable:

  1. Allow to check if screen is locked.
  2. Allow to actually lock the screen.

Probably also “inhibit locking” ? (media players usually need that)

We already have ‘screen-inhibit-control’ in a separate interface, which I think is correct because a snap could inhibit screenlocking and expose users to risk. It makes some sense to then have a corresponding screen-lock interface, but because screen locking actually makes things more secure and we would allow auto-connection, I think it makes more sense to simply add to the desktop interface. We’ll try to get this into 2.30. for master and for 2.30.

1 Like

These are both committed. Please test the 2.30 core snap when it hits candidate (or test newer versions that have the change in edge/beta) and comment if it doesn’t work for you.

Any dates on when 2.30 gets uploaded to Xenial ?

So I created a snap that uses the above change, it works fine functionally but does throw an error when bus.get_object() is called.

om26er@chaoticX:~$ linux-desktop-manager
2018-04-09T20:34:08 Successfully joined session 5848950066406832
2018-04-09T20:34:12 Introspect error on :1.21:/org/gnome/ScreenSaver: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.294" (uid=1000 pid=14073 comm="python3 /snap/linux-desktop-manager/36/bin/linux-d" label="snap.linux-desktop-manager.linux-desktop-manager (enforce)") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.21" (uid=1000 pid=1849 comm="/usr/bin/gnome-shell " label="unconfined")