Linux Desktop Policy Question - Options for BAT, DoH & Tor

[donateur]

Description

I wish to configure Brave using desktop policy on Linux but the options are not documented.

Wow you guys are busy now. I'll be overjoyed if someone could just please point me in the right direction!

Brave currently has a help page for Group Policy on Windows: https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy but there's no doco for Linux.

I wish to change the Linux Workstations of a security-conscious client to Brave from Chrome/Chromium. However I cannot do this without disabling a few features (so users may not enable them).

1. BAT (they detect and strictly do not allow any crypto currency transactions on the network)
2. DNS over HTTPS (they need to enforce use of local DNS for security monitoring)
3. Tor in Private windows

Hopefully these desires aren't controversial (this is a corporate business-use only network)

• Are there options to control these through policy?
• What are the option names please?

We already configure Chromium using the json policy files supplied by them https://www.chromium.org/administrators/linux-quick-start so just need the extra features here and we can start using Brave!

Brave version (brave://version info)

Latest Brave for Linux - currently 1.31.87 Chromium: 95.0.4638.54 (Official Build) (64-bit)

[bd-g]

+1

[bsclifton]

@donateur implementation will be the same (or at least close) as the Chrome one. Can you share what you're trying? There are only a few Brave Specific options at the moment; you can check for (TorDisabled, and IPFSEnabled)

[donateur]

@donateur implementation will be the same (or at least close) as the Chrome one. Can you share what you're trying? There are only a few Brave Specific options at the moment; you can check for (TorDisabled, and IPFSEnabled)

Thanks, but to be honest, I've not tried anything as I wasn't sure how effective it would be at guessing the options. I was really hoping someone could document what the options are!

[donateur]

PS: The options I'm asking about are specific to Brave, so I can't just copy what Chrom(ium) has documented.

[HamburgerJungeJr]

It seems to be changed from
/etc/chromium/policies/managed/
to
/etc/brave/policies/managed/

At least for me it worked to set the AuthServerAllowlist policy.

Having the policies under the chromium path they were not applied
Source: brave/brave-core@6f2f55b

[donateur]

@HamburgerJungeJr thanks for that.

Does this mean there's two issues?

1. The issue I've reported, that there are no documented options for Brave-specific Browser configuration (things like BAT and TOR which aren't in Chromium upstream)
2. Brave policy on Linux needs to be applied to a unique directory /etc/brave/policies/managed/ (unlike Chromium upstream) but this isn't documented either

[HamburgerJungeJr]

Regarding 1: As @bsclifton said, there seem to be only the two mentioned brave-specific policies available. These are also documented at the windows-policy document. I could find only one source file containing these policies: https://github.com/brave/brave-core/blob/27cefaf47f00b618db2ce22d719904fb8719f2e7/script/policy_source_helper.py
And there are no more listed, so I think there are no other brave-specific policies.

But as I am no brave developer there might be some policies I'm missing.

Regarding 2: As far as I can tell: yes

PS: Have a look at brave://policy If you check the checkbox in the right upper corner you can search all available policies. These are the names you have to enter in the config file.

[donateur]

@HamburgerJungeJr thanks for your response.

PS: Have a look at brave://policy If you check the checkbox in the right upper corner you can search all available policies. These are the names you have to enter in the config file.

I see;

• No options for "BAT", "token", Sponsored "background" image or Brave "News" 😢 (we'd have to disable all for reasons I stated above)
• DnsOverHttpsMode (Not required given next option)
• BuiltInDnsClientEnabled (A Chromium policy which could be configured to "false" so that OS DNS is used. Hurray!)
• TorDisabled (Set to "true" I guess)

[donateur]

I'm going to close this and add a new request titled "Add policy options to allow disabling BAT on Linux".

[donateur]

Sorry, learning github, but I need to close this linking to #22029