Introduction to Polkit
Polkit is a toolkit for defining
and handling authorizations. It is used for allowing unprivileged
processes to communicate with privileged processes.
Note
Development versions of GLFS may not build or run some packages
properly if LFS or dependencies have been updated since the most
recent stable versions of the books.
Package Information
Polkit Dependencies
Required
duktape-2.7.0 and GLib-2.82.0
Recommended
Linux-PAM-1.6.1 and elogind-255.5
Note
Since elogind uses
PAM to register user sessions, it is a good idea to build
Polkit with PAM support so
elogind can track
Polkit sessions.
Optional Runtime
Dependencies
One polkit authentication agent for using polkit in the graphical
environment; this will greatly depend on what desktop you are
running...
Installation of Polkit
There should be a dedicated user and group to take control of the
polkitd daemon after
it is started. Issue the following commands as the root
user:
groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
-g polkitd -s /bin/false polkitd
First fix a build problem for sysV based systems:
sed -i '/systemd_sysusers_dir/s/^/#/' meson.build
Install Polkit by running the
following commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--buildtype=release \
-D man=false \
-D session_tracking=elogind \
-D introspection=false \
-D tests=false
Build the package:
ninja
Now, as the root
user:
ninja install
Command Explanations
--buildtype=release
:
Specify a buildtype suitable for stable releases of the package, as
the default may produce unoptimized binaries.
-D os_type=lfs
: Use this switch if you
did not create the /etc/lfs-release
file or distribution auto detection will fail and you will be
unable to use Polkit.
-D authfw=shadow
: This switch enables
the package to use the Shadow
rather than the Linux PAM
Authentication framework. Use it if you have not installed
Linux PAM.
-D introspection=false
: This option
disables GObject Introspection support as it was not enabled in
GLib-2.82.0.
-D man=false
: This option disables
generating and installing manual pages.
Contents
Installed Programs:
pkaction, pkcheck, pkexec, pkttyagent,
and polkitd
Installed Libraries:
libpolkit-agent-1.so and
libpolkit-gobject-1.so
Installed Directories:
/etc/polkit-1, /usr/include/polkit-1,
/usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1, and
/usr/share/polkit-1
Short Descriptions
pkaction
|
is used to obtain information about registered PolicyKit
actions
|
pkcheck
|
is used to check whether a process is authorized for
action
|
pkexec
|
allows an authorized user to execute a command as another
user
|
pkttyagent
|
is used to start a textual authentication agent for the
subject
|
polkitd
|
provides the org.freedesktop.PolicyKit1 D-Bus service on the system message
bus
|
libpolkit-agent-1.so
|
contains the Polkit
authentication agent API functions
|
libpolkit-gobject-1.so
|
contains the Polkit
authorization API functions
|