Difference between revisions of "PolicyKit"

From CBLFS
Jump to navigationJump to search
m
 
(17 intermediate revisions by 5 users not shown)
Line 2: Line 2:
 
|-valign="top"
 
|-valign="top"
 
!Download Source:
 
!Download Source:
| http://people.freedesktop.org/~david/dist/PolicyKit-{{PolicyKit-Version}}.tar.gz
+
| http://hal.freedesktop.org/releases/PolicyKit-{{PolicyKit-Version}}.tar.gz
 
|}
 
|}
  
 
----
 
----
  
{{Package-Introduction|PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by [[HAL]].}}
+
{{Package-Introduction|PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by [[HAL]]. Note that this is not compatible with later versions; see [[Polkit]] if you need such a version.|http://www.freedesktop.org/wiki/Software/PolicyKit}}
  
 
== Dependencies ==
 
== Dependencies ==
Line 18: Line 18:
  
 
=== Optional ===
 
=== Optional ===
* [[GIT]] (To get the latest source)
 
 
* [[Gtk-Doc]]
 
* [[Gtk-Doc]]
 +
* [[intltool]]
 +
* [[SELinux]]
  
 
== PolKit User/Group ==
 
== PolKit User/Group ==
Line 32: Line 33:
  
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
  ./configure --prefix=/usr --sysconfdir=/etc \
     --libexecdir=/usr/lib/PolicyKit --localstatedir=/var &&
+
     --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 47: Line 49:
 
  CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
 
  CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
  ./configure --prefix=/usr --sysconfdir=/etc \
     --libexecdir=/usr/lib/PolicyKit --localstatedir=/var &&
+
     --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 61: Line 64:
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
     --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
 
     --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
     --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
+
     --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 75: Line 79:
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
  ./configure --prefix=/usr --sysconfdir=/etc \
 
     --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
 
     --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
     --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
+
     --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security \
 +
    --with-polkit-user=polkit --with-polkit-group=polkit &&
 
  make
 
  make
  
Line 84: Line 89:
 
== Configuration ==
 
== Configuration ==
  
=== Bootscript ===
+
To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags:
  
Create the bootscript:
+
<match action="org.freedesktop.hal.storage.mount-removable">
 +
    <return result="yes" />
 +
</match>
  
cat > /etc/rc.d/init.d/polkitd << "EOF"
+
Without this you will receive an error similar to <b>org.freedesktop.Hal.Device.PermissionDeniedByPolicy:  
#!/bin/sh
+
org.freedesktop.hal.storage.mount-removable no <--(action,result)</b> when you "plug in" your thumb drive.
# Begin $rc_base/init.d/polkitd
 
 
. /etc/sysconfig/rc
 
. ${rc_functions}
 
   
 
case "${1}" in
 
        start)
 
                boot_mesg "Starting PolicyKit..."
 
                loadproc /usr/sbin/polkitd
 
                ;;
 
 
        stop)
 
                boot_mesg "Stopping PolicyKit..."
 
                killproc /usr/sbin/polkitd
 
                ;;
 
 
        restart)
 
                ${0} stop
 
                sleep 1
 
                ${0} start
 
                ;;
 
 
        status)
 
                statusproc /usr/sbin/polkitd
 
                ;;
 
 
        *)
 
                echo "Usage: ${0} {start|stop|restart|status}"
 
                exit 1
 
                ;;
 
esac
 
 
# End $rc_base/init.d/polkitd
 
EOF
 
chmod -v 754 /etc/rc.d/init.d/polkitd
 
  
Link it into the runlevels:
+
You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error <b>FAT: Unrecognized mount option "uhelper=hal" or missing value</b>. Instructions for building the latest version of util-linux can be found the development [http://cross-lfs.org/view/svn/ CLFS books].
 
 
for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
 
  ln -sfv ../init.d/polkitd $link;
 
done
 
 
 
== InitNG Bootscript ==
 
 
 
Todo
 
 
 
== Privileges ==
 
 
 
PolicyKit installs '''desktop-console.privilege''' in /etc/PolicyKit/privilege.d which is the file that [[HAL]] will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.
 
 
 
There are a few ways to configure a privilege. You can allow anybody by setting '''Allow=uid:__all__''', a specific user by setting '''Allow=uid:username''', or a specific group by setting '''Allow=gid:groupname'''. The same applies for '''Deny'''.
 
 
 
The following command modifies the privilege file so that anyone in the '''users''' group is allowed to manipulate a local device:
 
 
 
sed -i "s/^Allow=.*/Allow=gid:users/" \
 
    /etc/PolicyKit/privilege.d/desktop-console.privilege
 
  
 
= Contents =
 
= Contents =
Line 160: Line 113:
 
| /etc/PolicyKit/privilege.d /var/run/polkit-console
 
| /etc/PolicyKit/privilege.d /var/run/polkit-console
 
|}
 
|}
 +
 +
[[Category:General Utilities]]

Latest revision as of 04:53, 14 May 2010

Download Source: http://hal.freedesktop.org/releases/PolicyKit-0.9.tar.gz

Introduction to PolicyKit

PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by HAL. Note that this is not compatible with later versions; see Polkit if you need such a version.

Project Homepage: http://www.freedesktop.org/wiki/Software/PolicyKit

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 26 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 26 -g polkit -s /bin/false polkit

Non-Multilib

Compile the package:

./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/PolicyKit --localstatedir=/var \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib32/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib64/PolicyKit --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security \
    --with-polkit-user=polkit --with-polkit-group=polkit &&
make

Install the package

make install

Configuration

To allow HAL to automount removable drives such a thumbdrives, edit /etc/PolicyKit/PolicyKit.conf and add the following between the <config></config> tags:

<match action="org.freedesktop.hal.storage.mount-removable">
    <return result="yes" />
</match>

Without this you will receive an error similar to org.freedesktop.Hal.Device.PermissionDeniedByPolicy: org.freedesktop.hal.storage.mount-removable no <--(action,result) when you "plug in" your thumb drive.

You then must upgrade your util-linux to the latest version or HAL automounting will fail with the following error FAT: Unrecognized mount option "uhelper=hal" or missing value. Instructions for building the latest version of util-linux can be found the development CLFS books.

Contents

Installed Programs: polkit-grant-privilege polkit-is-rivileged polkit-list-privileges polkit-revoke-privilege polkitd
Installed Libraries: libpolkit.{so,a,la} libpolkit-grant.{so,a,la} /lib/security/pam_polkit_console.{so,a,la}
Installed Directories: /etc/PolicyKit/privilege.d /var/run/polkit-console