But it has some serious limitations: for example, you cannot block individual website reliably. Parents can consider piholes, but DNS sink hole on local network are often trivial to bypass.
this is just limiting what apps can be opened, and it only works for flatpak apps. how will you disable all the other apps that are installed? how do you disable the shell which could be used to download a non-flatpak browser?
and as you said it does not even try to limit which websites are allowed to be visited, or for how much time can the computer be used. a pihole can be circumvented with DoH, for which there is an easy toggle in firefox, probably chrome too
of course, but no root permission is needed for that. flatpak packages can be installed on the user level, but even if you somehow disable that, they could still just download firefox (or anything else) as a tarball, unpack it and run it traditionally
when I was looking I have found exactly zero parental controls for linux. which ones do you know?
Gnome has parental control https://help.gnome.org/gnome-help/parental-controls.html
But it has some serious limitations: for example, you cannot block individual website reliably. Parents can consider piholes, but DNS sink hole on local network are often trivial to bypass.
this is just limiting what apps can be opened, and it only works for flatpak apps. how will you disable all the other apps that are installed? how do you disable the shell which could be used to download a non-flatpak browser?
and as you said it does not even try to limit which websites are allowed to be visited, or for how much time can the computer be used. a pihole can be circumvented with DoH, for which there is an easy toggle in firefox, probably chrome too
Don’t give your kids root permission so they can’t install non-flatpak apps.
of course, but no root permission is needed for that. flatpak packages can be installed on the user level, but even if you somehow disable that, they could still just download firefox (or anything else) as a tarball, unpack it and run it traditionally