Gaming Linux® From Scratch (System V Edition) - Version #4f30

Chapter 4. Security

Polkit-126

Introduction to Polkit

Polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to communicate with privileged processes.

Polkit Dependencies

Required
duktape-2.7.0 and GLib-2.86.1

Recommended
Linux-PAM-1.7.1 and elogind-255.17

[Note]

Note

Since elogind uses PAM to register user sessions, it is a good idea to build Polkit with PAM support so elogind can track Polkit sessions.

Optional
A polkit authentication agent for using polkit in the graphical environment at runtime; this will greatly depend on what desktop you are running, like KDE Plasma, GNOME, Hyprland, etc.

Installation of Polkit

There should be a dedicated user and group to take control of the polkitd daemon after it is started. IF you have not already created a dedicated user and group for polkitd, issue the following commands as the root user: 

groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
        -g polkitd -s /bin/false polkitd

Install Polkit by running the following commands: 

mkdir build &&
cd    build &&

meson setup ..                     \
      --prefix=/usr                \
      --buildtype=release          \
      -D os_type=lfs               \
      -D man=false                 \
      -D session_tracking=elogind  \
      -D systemdsystemunitdir=/tmp \
      -D tests=false &&

ninja

Now, as the root user: 

ninja install

Remove some files that aren't useful on a SysV system as the root user: 

rm -v /tmp/*.service &&
rm -rf /usr/lib/{sysusers,tmpfiles}.d

Command Explanations

[Note]

Note

Inspect meson_options.txt or meson.options for a full list of options.

--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.

-D os_type=lfs: This switch ensures that even if distribution auto detection fails, the distribution/OS type will be hardcoded in Polkit.

-D man=false: This option disables generating and installing manual pages.

-D authfw=shadow: This switch enables the package to use the Shadow rather than the Linux PAM Authentication framework. Use it if you have not installed Linux PAM.

-D introspection=false: This option disables GObject Introspection support if you are sure you don't need it.

Contents

Installed Programs: pkaction, pkcheck, pkexec, pkttyagent, and polkitd
Installed Libraries: libpolkit-agent-1 and libpolkit-gobject-1
Installed Directories: /etc/polkit-1, /usr/include/polkit-1, /usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1, and /usr/share/polkit-1

Short Descriptions

pkaction

is used to obtain information about registered PolicyKit actions

pkcheck

is used to check whether a process is authorized for action

pkexec

allows an authorized user to execute a command as another user

pkttyagent

is used to start a textual authentication agent for the subject

polkitd

provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus

libpolkit-agent-1

contains the Polkit authentication agent API functions

libpolkit-gobject-1

contains the Polkit authorization API functions