malcontent-client - Man Page

malcontent-client get-app-filter [-q] [-n] [USER]

malcontent-client check-app-filter [-q] [-n] [USER] ARG

malcontent-client set-app-filter [-q] [-n] [USER] ARG

malcontent-client oars-section [-q] [-n] [USER] SECTION

malcontent-client get-session-limits [-q] [-n] [USER]

malcontent-client set-session-limits [-q] [-n] [USER] LIMIT-TYPE

malcontent-client monitor [-q] [USER]

malcontent-client record-usage [-q] USAGE-ENTRIES

malcontent-client query-usage [-q] USER RECORD-TYPE IDENTIFIER

malcontent-client get-estimated-times [-q] RECORD-TYPE

malcontent-client request-extension [-q] RECORD-TYPE IDENTIFIER [DURATION] [--wait]

malcontent-client get-web-filter [-q] [-n] [USER]

malcontent-client set-web-filter [-q] [-n] [USER] ARG

malcontent-client update-web-filters [-q] [-n] [USER]

malcontent-client dump-web-filters [-q] [-n] [USER]

malcontent-client is a utility for querying and updating the parental controls settings for users on the system. It will typically require administrator access to do anything more than query the current user’s parental controls.

It communicates with accounts-service, which stores parental controls data.

Its first argument is a command to run. The supported commands are documented below.

The command line API and output format are unstable and likely to change in future versions of malcontent-client.

Get the app filter for a user. For example:

USER

Username or ID of the user to get the app filter for. If not specified, the current user will be used by default.

-q,  --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n,  --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Check if a given program, content type or flatpak ref is permitted to be used by a user, according to their current app filter. For example:

USER

Username or ID of the user to get the app filter for. If not specified, the current user will be used by default.

ARG

Path to a program, content type or flatpak ref to check against the app filter, to see if it is allowed for the specified user.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Set the app filter for a user, replacing all previous values in it. For example:

USER

Username or ID of the user to set the app filter for. If not specified, the current user will be used by default.

ARG

Item to filter in the user’s app filter. This could either be an absolute path or flatpak ref of a program to block; a content type to block all programs handling that type; or an OARS section=value pair to block installation of apps with a more extreme rating for that OARS section. Multiple items may be specified, and they will replace the user’s current app filter in entirety. If zero items are specified, the app filter is cleared.

--allow-user-installation

Allow the user to install flatpaks to their user repository.

--disallow-user-installation

Disallow the user from installing flatpaks to their user repository.

--allow-system-installation

Allow the user to install flatpaks to the system repository.

--disallow-system-installation

Disallow the user from installing flatpaks to the system repository.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Get the value set for a specific OARS section from the app filter of the given user. For example:

USER

Username or ID of the user to get the OARS filter for. If not specified, the current user will be used by default.

SECTION

OARS section to get the restriction level of the given user for. For example, language-profanity.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Get the session limits set for a user. For example:

USER

Username or ID of the user to get the session limits for. If not specified, the current user will be used by default.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

--now yyyy-mm-ddThh:mm:ssZ

Check session limits (in particular, session expiry time) against the given date/time, provided in ISO 8601 format. (Default: Current date/time.)

Set the session limits for a user, replacing its previous value completely. For example:

USER

Username or ID of the user to set the app filter for. If not specified, the current user will be used by default.

LIMIT-TYPE

The type of session limit to use for this user. Possible values are:

none

- No session limits.

daily-schedule --start-time HH[:MM[:SS]] --end-time HH[:MM[:SS]]

- Daily schedule with fixed start and end times. These must be provided as two arguments giving the time of day when the schedule starts and ends.

daily-limit --daily-limit SECONDS

- Daily limit on the overall active time using the computer for the day. This must be provided as a limit length in seconds.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Monitor changes to any of the parental controls settings for a specific user. For example:

USER

Username or ID of the user to monitor the parental controls for. If not specified, the current user will be used by default.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

Record session or app usage times for the current user. For example:

USAGE-ENTRIES

One or more usage entries to add. Each entry is a set of four arguments:

• the start date and time of the usage period (in ISO 8601 format),
• the end date and time of the usage period (also in ISO 8601 format),
• the record type (login-session or app) and
• the record identifier (this must be the empty string for login-session records, and the app ID for app records).

The final record identifier in the arguments list can be omitted if it’s empty.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

Query session or app usage times for a given user. For example:

USER

Username or ID of the user to get the usage information for.

RECORD-TYPE IDENTIFIER

The record type and identifier to query for records of. See the documentation for the record-usage command for valid values.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Query the usage and session limits for the current user, to work out how much time is remaining in their session or for using apps. For example:

RECORD-TYPE

Type of usage record to query for. This can be login-session or app.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

Request an extension to the screen time limit for the current user, for their session or the specified app. For example:

RECORD-TYPE IDENTIFIER

The record type and identifier to request an extension for. See the documentation for the record-usage command for valid values.

DURATION

The duration of the extension to request (in seconds), or zero to allow the parent to choose the duration (typically this means until the end of today). (Default: Zero.)

--wait

Wait for the response to the extension request.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

Get the web filter for a user. For example:

USER

Username or ID of the user to get the web filter for. If not specified, the current user will be used by default.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Set the web filter for a user, replacing all previous values in it. For example:

USER

Username or ID of the user to set the web filter for. If not specified, the current user will be used by default.

ARG

Item to filter in the user’s web filter. This could either be an id=filter-URI pair, or an individual hostname to block. Either type of item may be prefixed with ~ (a tilde) to allow it rather than blocking it. A filter URI must point to a text file in the same format as /etc/hosts listing websites to filter. The associated ID is an arbitrary alphanumeric string used to track the filter over time, even if its canonical URI changes. Multiple items may be specified, and they will replace the user’s current web filter in entirety. If zero items are specified, the web filter is cleared.

--force-safe-search

Force ‘safe search’ mode to be enabled for known search engines and popular websites.

--filter-type

The type of web filter to use for this user. Possible values are:

none

- No web filtering.

block-list

- Websites are allowed by default unless listed in one of the block lists. The websites in the allow lists are always allowed.

allow-list

- Websites are blocked by default unless listed in one of the allow lists. The block lists are ignored.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Download and update the compiled web filters for a specific user, or for all users. This will read the current web filter configuration for the user and update the compiled filter database using that configuration. For example:

To update the web filter configuration for a user, use malcontent-client set-web-filter.

USER

Username or ID of the user to update the web filters for. If not specified, the web filters will be updated for all users who have them set.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

Dump the compiled web filters for a specific user, or for all users. These are the filter rules which are currently being used. For example:

USER

Username or ID of the user to dump the web filters for. If not specified, the web filters will be dumped for all users who have them set.

-q, --quiet

Only output error messages, and no informational messages, as the operation progresses. (Default: Output informational messages.)

-n, --no-interactive

Do not allow interactive authorization with polkit. If this is needed to complete the operation, the operation will fail. (Default: Allow interactive authorization.)

malcontent-client supports the standard GLib environment variables for debugging. These variables are not intended to be used in production:

$G_MESSAGES_DEBUG

This variable can contain one or more debug domain names to display debug output for. The value all will enable all debug output. The default is for no debug output to be enabled.

malcontent-client may return one of several error codes if it encounters problems.

0

No problems occurred. The utility ran and successfully queried the app filter. If running the check-app-filter command, the given path, content type or flatpak ref was allowed for the given user.

1

An invalid option was passed to malcontent-client on startup.

2

The current user was not authorized to query the app filter for the given user.

3

If running the check-app-filter command, the given path, content type or flatpak ref was not allowed for the given user.

4

Malcontent is disabled at the system level, and hence parental controls are not enabled or enforced.

5

An operation failed and no more specific error information is available.

6

The service was busy; try again shortly.

Any bugs which are found should be reported on the project website:
https://gitlab.freedesktop.org/pwithnall/malcontent/-/issues

Endless Mobile, Inc. Philip Withnall

Copyright © 2018 Endless Mobile, Inc. Copyright © 2025 GNOME Foundation, Inc.

malcontent-timerd(8), malcontent-timer-extension-agent(8), malcontent-webd(8).