I'm trying to create a kids account.
I'd like to create a User Account that restricts all apps by default, except a specific list of apps, i.e. Firefox, Yo Frankie, Numpty Physics, etc. Additionally, I'd like to make their entire account non-writable, with the exception that they may write if the app allows them to create a document. Of course, if the app they are allowed to run needs to write logs, for example, this will need to be enabled too. The intended result is that they wouldn't be able to right-click on the desktop and create a directory or document. They might be able to download an executable, but not execute it.
How can I do this?
AppArmor or SELinux should answer.
AppArmor seems more common at this point, but you'll need to dig a bit to find information on configuring it for users (most tutorials only mention program profiles, not user profiles). The AppArmor documentation has details, particularly the language quickstart and the profile language reference.
The level of restriction you desire will require a lot of testing and tuning to get right. There are a lot of required permissions that aren't immediately obvious. For example, Mozilla will want to log browser history somewhere, and many programs put files in the /tmp hierarchy. Running the application from a command prompt often yields useful debug output, and the strace command can be helpful as well.
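The tuning loop the answer describes (run the app under strace, find out where it insists on writing, then decide what the profile should allow) can be partly automated. The script below is an added example, not code from the answer or from the AppArmor project: it filters constructed strace output for files opened with a write flag and emits draft AppArmor "owner ... rw," rules from them. The trace lines, the /home/kid paths and the Firefox file names are constructed sample data, and the resulting rules are a starting point to review by hand, not a complete profile (a real run would use something like "strace -f -e trace=openat -o trace.log firefox" and feed the log in).

```shell
#!/bin/sh
# Constructed sample strace output (not captured from a real run). The
# format mirrors "strace -f -e trace=openat" lines, including one attempt
# that the kernel denied: failed writes still show up, which is exactly
# what you want to see when checking that a restriction is working.
SAMPLE_TRACE='1234  openat(AT_FDCWD, "/home/kid/.mozilla/firefox/places.sqlite", O_RDWR|O_CREAT, 0644) = 5
1234  openat(AT_FDCWD, "/usr/lib/firefox/libxul.so", O_RDONLY|O_CLOEXEC) = 6
1234  openat(AT_FDCWD, "/tmp/firefox_kid/cache.bin", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 7
1234  openat(AT_FDCWD, "/home/kid/Desktop/newfile.txt", O_WRONLY|O_CREAT, 0644) = -1 EACCES (Permission denied)
1235  openat(AT_FDCWD, "/home/kid/.mozilla/firefox/places.sqlite", O_RDWR, 0644) = 5
1235  openat(AT_FDCWD, "/etc/fonts/fonts.conf", O_RDONLY) = 8'

# write_paths TRACE_TEXT
# Print each distinct path that was opened with a flag implying a write
# (O_WRONLY, O_RDWR or O_CREAT), one per line, in a fixed byte order so
# the output is stable across locales. Read-only opens are dropped.
write_paths() {
    printf '%s\n' "$1" \
      | grep -E 'openat\(.*O_(WRONLY|RDWR|CREAT)' \
      | sed -E 's/.*openat\([^,]*, "([^"]*)".*/\1/' \
      | LC_ALL=C sort -u
}

# apparmor_draft TRACE_TEXT
# Turn the write paths into draft AppArmor file rules. "owner" limits the
# rule to files owned by the user running the program, which fits a
# locked-down account where the child should only touch their own files.
# Review each line before pasting it into a profile: the Desktop entry
# below is a write you probably want to keep denied, not allow.
apparmor_draft() {
    write_paths "$1" | sed -E 's|^(.*)$|  owner \1 rw,|'
}

# Stand-alone usage: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    echo "# paths opened for writing:"
    write_paths "$SAMPLE_TRACE"
    echo "# draft AppArmor rules:"
    apparmor_draft "$SAMPLE_TRACE"
fi
```

Once the draft rules are in place, re-running the program with the profile in complain mode and diffing the new trace against the old one shows which writes are still being attempted; anything left over is either a permission the app genuinely needs (history, cache, /tmp) or a write the profile is correctly blocking.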