Polkit-123
Installation of Polkit
There should be a dedicated user and group to take control
of the polkitd daemon after it is
started. Issue the following commands as the
root user:
groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
-g polkitd -s /bin/false polkitd
If using SpiderMonkey from Firefox-115.5.0, make the following change
(see Command Explanations below for more information):
sed -e '/mozjs/s/102/115/' -i meson.build &&
sed -e 's/JS_Init/JS::DisableJitBackend(); &/' \
-i src/polkitbackend/polkitbackendjsauthority.cpp
Install Polkit by running the following
commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--buildtype=release \
-Dman=true \
-Dsession_tracking=libsystemd-login \
-Dtests=true &&
ninja
To test the results, first ensure that the system
D-Bus daemon is running,
and both D-Bus Python-1.3.2 and
dbusmock-0.29.1 are installed.
Then run ninja test.
Now, as the root user:
ninja install
Command Explanations
sed -e '/mozjs/s/102/115/' meson.build:
Allow building this package with SpiderMonkey from Firefox 115 ESR
releases.
sed -e 's/JS_Init/JS::DisableJitBackend(); &/' ...
: The JIT compiling of SpiderMonkey from Firefox-115.5.0
needs W+X mapping which
is dangerous and is not permitted by the
systemd unit file shipped within the polkit
package. This command is not strictly needed on systems based on
sysvinit but it still improves security. It has no effect if building
polkit with the recommended duktape-2.7.0 Javascript
engine.
--buildtype=release: Specify a buildtype
suitable for stable releases of the package, as the default may
produce unoptimized binaries.
-Dtests=true: This switch allows to run the
test suite of this package. As Polkit is
used for authorizations, its integrity can affect system security.
So it's recommended to run the test suite building this package.
-Djs_engine=mozjs: This switch allows using the
SpiderMonkey from Firefox-115.5.0 JavaScript engine instead of the
duktape-2.7.0 JavaScript engine.
-Dos_type=lfs: Use this switch if you did not create
the /etc/lfs-release file or distribution auto
detection will fail and you will be unable to use
Polkit.
-Dauthfw=shadow: This switch enables the
package to use the Shadow rather than the
Linux PAM Authentication framework. Use it
if you have not installed Linux PAM.
-Dintrospection=false: Use this option if you are certain
that you do not need gobject-introspection files for polkit, or do not have
gobject-introspection installed.
-Dman=false: Use this option to disable generating and
installing manual pages. This is useful if libxslt is not installed.
-Dexamples=true: Use this option to build the example
programs.
-Dgtk_doc=true: Use this option to enable building and
installing the API documentation.
Contents
Installed Programs:
pkaction, pkcheck, pkexec,
pkttyagent, and polkitd
Installed Libraries:
libpolkit-agent-1.so and
libpolkit-gobject-1.so
Installed Directories:
/etc/polkit-1,
/usr/include/polkit-1,
/usr/lib/polkit-1,
/usr/share/gtk-doc/html/polkit-1, and
/usr/share/polkit-1
Short Descriptions
pkaction |
is used to obtain information about registered PolicyKit actions
|
pkcheck |
is used to check whether a process is authorized for action
|
pkexec |
allows an authorized user to execute a command as another user
|
pkttyagent |
is used to start a textual authentication agent for the subject
|
polkitd |
provides the org.freedesktop.PolicyKit1 D-Bus
service on the system message bus
|
libpolkit-agent-1.so
|
contains the Polkit authentication
agent API functions
|
libpolkit-gobject-1.so
|
contains the Polkit authorization API functions
|
![[Note]](../images/note.png)