Polkit-0.115

Introduction to Polkit

Polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to communicate with privileged processes.

This package is known to build and work properly using an LFS-8.4 platform.

Package Information

Additional Downloads

Polkit Dependencies

Required

GLib-2.58.3 and js52-52.2.1gnome1

Optional (Required if building GNOME)

gobject-introspection-1.58.3

Optional

docbook-xml-4.5, docbook-xsl-1.79.2, GTK-Doc-1.29, libxslt-1.1.33, and Linux-PAM-1.3.0

[Note]

Note

If libxslt-1.1.33 is installed, then docbook-xml-4.5 and docbook-xsl-1.79.2 are required. If you have installed libxslt-1.1.33, but you do not want to install any of the DocBook packages mentioned, you will need to use --disable-man-pages in the instructions below.

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/polkit

Installation of Polkit

There should be a dedicated user and group to take control of the polkitd daemon after it is started. Issue the following commands as the root user:

groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
        -g polkitd -s /bin/false polkitd

Apply a security patch from upstream:

patch -Np1 -i ../polkit-0.115-security_patch-3.patch

Install Polkit by running the following commands:

./configure --prefix=/usr                    \
            --sysconfdir=/etc                \
            --localstatedir=/var             \
            --disable-static                 \
            --enable-libsystemd-login=no     \
            --enable-libelogind=no           \
            --with-authfw=shadow             &&
make

To test the results, issue: make check. Note that system D-Bus daemon must be running for the testsuite to complete. One tests fails due to the security patch.

Now, as the root user:

make install

Command Explanations

--enable-libsystemd-login=no: This parameter fixes building without systemd, which is not part of LFS/BLFS. If you use systemd, replace "no" by "yes".

--with-authfw=shadow: This parameter configures the package to use the Shadow rather than the Linux-PAM Authentication framework. Change the argument to 'pam' if you would like to use Linux-PAM.

--disable-static: This switch prevents installation of static versions of the libraries.

--enable-gtk-doc: Use this parameter if GTK-Doc is installed and you wish to rebuild and install the API documentation.

Configuring Polkit

PAM Configuration

[Note]

Note

If you did not build Polkit with Linux PAM support, you can skip this section.

If you have built Polkit with Linux PAM support, you need to modify the default PAM configuration file which was installed by default to get Polkit to work correctly with BLFS. Issue the following commands as the root user to create the configuration file for Linux PAM:

cat > /etc/pam.d/polkit-1 << "EOF"
# Begin /etc/pam.d/polkit-1

auth     include        system-auth
account  include        system-account
password include        system-password
session  include        system-session

# End /etc/pam.d/polkit-1
EOF

Contents

Installed Programs: pkaction, pkcheck, pk-example-frobnicate, pkexec, pkttyagent and polkitd
Installed Libraries: libpolkit-agent-1.so and libpolkit-gobject-1.so
Installed Directories: /etc/polkit-1, /usr/include/polkit-1, /usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1 and /usr/share/polkit-1

Short Descriptions

pkaction

is used to obtain information about registered PolicyKit actions.

pkcheck

is used to check whether a process is authorized for action.

pk-example-frobnicate

is an example program to test the pkexec command.

pkexec

allows an authorized user to execute a command as another user.

pkttyagent

is used to start a textual authentication agent for the subject.

polkitd

provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus.

libpolkit-agent-1.so

contains the Polkit authentication agent API functions.

libpolkit-gobject-1.so

contains the Polkit authorization API functions.

Last updated on 2019-02-22 05:51:09 -0800