Polkit-123
Introduction to Polkit
Polkit is a toolkit for defining
and handling authorizations. It is used for allowing unprivileged
processes to communicate with privileged processes.
This package is known to build and work properly using an LFS 12.0
platform.
Package Information
Polkit Dependencies
Required
GLib-2.76.4
Recommended
duktape-2.7.0, gobject-introspection-1.76.1,
libxslt-1.1.38, Linux-PAM-1.5.3, and
elogind-252.9
Note
Since elogind uses PAM to
register user sessions, it is a good idea to build Polkit with PAM support so elogind can track
Polkit sessions.
Optional
GTK-Doc-1.33.2, JS-102.13.0 (can be
used in place of duktape), and dbusmock-0.29.1 (for tests)
Optional Runtime
Dependencies
One polkit authentication agent for using polkit in the graphical
environment: polkit-kde-agent in
Plasma-5.27.7 for KDE, the agent built in
gnome-shell-44.3 for GNOME3, polkit-gnome-0.105 for XFCE, and
lxpolkit in LXSession-0.5.5 for LXDE
Installation of Polkit
There should be a dedicated user and group to take control of the
polkitd daemon after
it is started. Issue the following commands as the root
user:
groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
-g polkitd -s /bin/false polkitd
If using JS-102.13.0, make the following change (see
Command Explanations below for more information):
sed -e 's/JS_Init/JS::DisableJitBackend(); &/' \
-i src/polkitbackend/polkitbackendjsauthority.cpp
Install Polkit by running the
following commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--buildtype=release \
-Dman=true \
-Dsession_tracking=libelogind \
-Dtests=true &&
ninja
To test the results, first ensure that the system D-Bus daemon is running, and both D-Bus Python-1.3.2 and dbusmock-0.29.1 are installed. Then run
ninja test.
Now, as the root
user:
ninja install
Command Explanations
sed -e
's/JS_Init/JS::DisableJitBackend(); &/' ... :
The JIT compiling of JS102 needs W+X mapping which is dangerous and
is not permitted by the systemd
unit file shipped within the polkit package. This command is not
strictly needed on systems based on sysvinit but it still improves
security. It has no effect if building polkit with the recommended
duktape-2.7.0 Javascript engine.
--buildtype=release
:
Specify a buildtype suitable for stable releases of the package, as
the default may produce unoptimized binaries.
-Dtests=true
: This switch
allows to run the test suite of this package. As Polkit is used for authorizations, its
integrity can affect system security. So it's recommended to run
the test suite building this package.
-Djs_engine=mozjs
: This switch allows
using the JS-102.13.0 JavaScript engine instead of the
duktape-2.7.0 JavaScript engine.
-Dos_type=lfs
: Use this switch if you
did not create the /etc/lfs-release
file or distribution auto detection will fail and you will be
unable to use Polkit.
-Dauthfw=shadow
: This switch enables
the package to use the Shadow
rather than the Linux PAM
Authentication framework. Use it if you have not installed
Linux PAM.
-Dintrospection=false
: Use this option
if you are certain that you do not need gobject-introspection files
for polkit, or do not have gobject-introspection installed.
-Dman=false
: Use this option to disable
generating and installing manual pages. This is useful if libxslt
is not installed.
-Dexamples=true
: Use this option to
build the example programs.
-Dgtk_doc=true
: Use this option to
enable building and installing the API documentation.
Contents
Installed Programs:
pkaction, pkcheck, pkexec, pkttyagent,
and polkitd
Installed Libraries:
libpolkit-agent-1.so and
libpolkit-gobject-1.so
Installed Directories:
/etc/polkit-1, /usr/include/polkit-1,
/usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1, and
/usr/share/polkit-1
Short Descriptions
pkaction
|
is used to obtain information about registered PolicyKit
actions
|
pkcheck
|
is used to check whether a process is authorized for
action
|
pkexec
|
allows an authorized user to execute a command as another
user
|
pkttyagent
|
is used to start a textual authentication agent for the
subject
|
polkitd
|
provides the org.freedesktop.PolicyKit1 D-Bus service on the system message
bus
|
libpolkit-agent-1.so
|
contains the Polkit
authentication agent API functions
|
libpolkit-gobject-1.so
|
contains the Polkit
authorization API functions
|