Introduction to Polkit
Polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to communicate with privileged processes.
Note
Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.
Package Information
Polkit Dependencies
Required
GLib-2.78.3
Recommended
duktape-2.7.0, gobject-introspection-1.78.1, libxslt-1.1.39, Linux-PAM-1.6.0, and elogind-252.9
Note
Since elogind uses PAM to register user sessions, it is a good idea to build Polkit with PAM support so elogind can track Polkit sessions.
Optional
GTK-Doc-1.33.2, dbusmock-0.30.2, and SpiderMonkey from Firefox-115.6.0 (can be used in place of duktape)
Optional Runtime Dependencies
One polkit authentication agent for using polkit in the graphical environment: polkit-kde-agent in Plasma-5.27.10 for KDE, the agent built in gnome-shell-45.3 for GNOME3, polkit-gnome-0.105 for XFCE, and lxqt-policykit-1.4.0 for LXQt
Installation of Polkit
There should be a dedicated user and group to take control of the polkitd daemon after it is started. Issue the following commands as the root
user:
groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
-g polkitd -s /bin/false polkitd
First fix a build problem for sysV based systems:
sed -i '/systemd_sysusers_dir/s/^/#/' meson.build
Install Polkit by running the following commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--buildtype=release \
-Dman=true \
-Dsession_tracking=libelogind \
-Dtests=true &&
ninja
To test the results, first ensure that the system D-Bus daemon is running, and both D-Bus Python-1.3.2 and dbusmock-0.30.2 are installed. Then run ninja test.
Now, as the root
user:
ninja install
Command Explanations
--buildtype=release
: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.
-Dtests=true
: This switch allows to run the test suite of this package. As Polkit is used for authorizations, its integrity can affect system security. So it's recommended to run the test suite building this package.
-Djs_engine=mozjs
: This switch allows using the SpiderMonkey from Firefox-115.6.0 JavaScript engine instead of the duktape-2.7.0 JavaScript engine.
-Dos_type=lfs
: Use this switch if you did not create the /etc/lfs-release
file or distribution auto detection will fail and you will be unable to use Polkit.
-Dauthfw=shadow
: This switch enables the package to use the Shadow rather than the Linux PAM Authentication framework. Use it if you have not installed Linux PAM.
-Dintrospection=false
: Use this option if you are certain that you do not need gobject-introspection files for polkit, or do not have gobject-introspection installed.
-Dman=false
: Use this option to disable generating and installing manual pages. This is useful if libxslt is not installed.
-Dexamples=true
: Use this option to build the example programs.
-Dgtk_doc=true
: Use this option to enable building and installing the API documentation.
Contents
Installed Programs: pkaction, pkcheck, pkexec, pkttyagent, and polkitd
Installed Libraries: libpolkit-agent-1.so and libpolkit-gobject-1.so
Installed Directories: /etc/polkit-1, /usr/include/polkit-1, /usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1, and /usr/share/polkit-1
Short Descriptions
pkaction
|
is used to obtain information about registered PolicyKit actions
|
pkcheck
|
is used to check whether a process is authorized for action
|
pkexec
|
allows an authorized user to execute a command as another user
|
pkttyagent
|
is used to start a textual authentication agent for the subject
|
polkitd
|
provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus
|
libpolkit-agent-1.so
|
contains the Polkit authentication agent API functions
|
libpolkit-gobject-1.so
|
contains the Polkit authorization API functions
|