Polkit-0.120

Introduction to Polkit

Polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to communicate with privileged processes.

This package is known to build and work properly using an LFS-11.1 platform.

Package Information

Additional Downloads

Polkit Dependencies

Required

GLib-2.70.4 and js78-78.15.0

Recommended

[Note]

Note

Since elogind uses PAM to register user sessions, it is a good idea to build Polkit with PAM support so elogind can track Polkit sessions.

Optional

GTK-Doc-1.33.2

Optional Runtime Dependencies

One polkit authentication agent for using polkit in the graphical environment: polkit-kde-agent in Plasma-5.24.0 for KDE, the agent built in gnome-shell-41.4 for GNOME3, polkit-gnome-0.105 for XFCE, and lxpolkit in LXSession-0.5.5 for LXDE.

[Note]

Note

If libxslt-1.1.35 is installed, then docbook-xml-4.5 and docbook-xsl-1.79.2 are required. If you have installed libxslt-1.1.35, but you do not want to install any of the DocBook packages mentioned, you will need to use -Dman=false in the instructions below.

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/polkit

Installation of Polkit

There should be a dedicated user and group to take control of the polkitd daemon after it is started. Issue the following commands as the root user:

groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
        -g polkitd -s /bin/false polkitd

First, fix problems with setting permissions during installation and with meson-0.60.0:

sed '/0,/s/^/#/' -i meson_post_install.py &&
sed '/policy,/d' -i actions/meson.build \
                 -i src/examples/meson.build

Apply a patch to fix a security issue:

patch -Np1 -i ../polkit-0.120-security_fix-1.patch

Install Polkit by running the following commands:

mkdir build &&
cd    build &&

meson --prefix=/usr                 \
      -Dman=true                    \
      -Dsession_tracking=libelogind \
      -Dsystemdsystemunitdir=/tmp   \
      --buildtype=release           \
      ..                            &&
ninja

This package does not ship with a working test suite.

Now, as the root user:

ninja install &&
rm -v /tmp/*.service

Command Explanations

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-Dauthfw=shadow: This switch enables the package to use the Shadow rather than the Linux PAM Authentication framework. Use it if you have not installed Linux PAM.

-Dintrospection=false: Use this option if you are certain that you do not need gobject-introspection files for polkit, or do not have gobject-introspection installed.

-Dman=false: Use this option to disable generating and installing manual pages. This is useful if libxslt is not installed.

-Dexamples=true: Use this option to build the example programs.

-Dgtk_doc=true: Use this option to enable building and installing the API documentation.

Configuring Polkit

PAM Configuration

[Note]

Note

If you did not build Polkit with Linux PAM support, you can skip this section.

If you have built Polkit with Linux PAM support, you need to modify the default PAM configuration file which was installed by default to get Polkit to work correctly with BLFS. Issue the following commands as the root user to create the configuration file for Linux PAM:

cat > /etc/pam.d/polkit-1 << "EOF"
# Begin /etc/pam.d/polkit-1

auth     include        system-auth
account  include        system-account
password include        system-password
session  include        system-session

# End /etc/pam.d/polkit-1
EOF

Contents

Installed Programs: pkaction, pkcheck, pkexec, pkttyagent and polkitd
Installed Libraries: libpolkit-agent-1.so and libpolkit-gobject-1.so
Installed Directories: /etc/polkit-1, /usr/include/polkit-1, /usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1 and /usr/share/polkit-1

Short Descriptions

pkaction

is used to obtain information about registered PolicyKit actions

pkcheck

is used to check whether a process is authorized for action

pkexec

allows an authorized user to execute a command as another user

pkttyagent

is used to start a textual authentication agent for the subject

polkitd

provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus

libpolkit-agent-1.so

contains the Polkit authentication agent API functions

libpolkit-gobject-1.so

contains the Polkit authorization API functions

Last updated on