Difference between revisions of "PolicyKit"

From CBLFS
Jump to navigationJump to search
(Getting the source)
(Configuration)
Line 92: Line 92:
 
=== Bootscript ===
 
=== Bootscript ===
  
There is no pre-made bootscript for PolicyKit at this time. The daemon is at '''/usr/sbin/polkitd''' and it needs to start after [[D-BUS]] but before [[HAL]].
+
Create the bootscript:
 +
 
 +
cat > /etc/rc.d/init.d/polkitd << "EOF"
 +
#!/bin/sh
 +
# Begin $rc_base/init.d/polkitd
 +
 +
. /etc/sysconfig/rc
 +
. ${rc_functions}
 +
 +
case "${1}" in
 +
        start)
 +
                boot_mesg "Starting PolicyKit..."
 +
                loadproc /usr/sbin/polkitd
 +
                ;;
 +
 +
        stop)
 +
                boot_mesg "Stopping PolicyKit..."
 +
                killproc /usr/sbin/polkitd
 +
                ;;
 +
 +
        restart)
 +
                ${0} stop
 +
                sleep 1
 +
                ${0} start
 +
                ;;
 +
 +
        status)
 +
                statusproc /usr/sbin/polkitd
 +
                ;;
 +
 +
        *)
 +
                echo "Usage: ${0} {start|stop|restart|status}"
 +
                exit 1
 +
                ;;
 +
esac
 +
 +
# End $rc_base/init.d/acpid
 +
EOF
 +
chmod -v 754 /etc/rc.d/init.d/polkitd
 +
 
 +
Link it into the runlevels:
 +
 
 +
for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
 +
  ln -sfv ../init.d/polkitd $link;
 +
done
  
 
== Privileges ==
 
== Privileges ==

Revision as of 12:41, 27 January 2007

Download Source: (Not Released Yet)

Introduction to PolicyKit

<Package Description Needed>

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 26 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 26 -g polkit -s /bin/false polkit

Getting the source

Check out the source from freedesktop.org:

git clone git://anongit.freedesktop.org/git/PolicyKit

It couldn't hurt to make a tarball so you have an unmodified source around for the future:

tar cvjf PolicyKit{-$(date +%Y%m%d).tar.bz2,}

Non-Multilib

Compile the package:

./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
make

Install the package

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
make

Install the package

make install

Configuration

Bootscript

Create the bootscript:

cat > /etc/rc.d/init.d/polkitd << "EOF"
#!/bin/sh
# Begin $rc_base/init.d/polkitd

. /etc/sysconfig/rc
. ${rc_functions}

case "${1}" in
        start)
                boot_mesg "Starting PolicyKit..."
                loadproc /usr/sbin/polkitd
                ;;

        stop)
                boot_mesg "Stopping PolicyKit..."
                killproc /usr/sbin/polkitd
                ;;

        restart)
                ${0} stop
                sleep 1
                ${0} start
                ;;

        status)
                statusproc /usr/sbin/polkitd
                ;;

        *)
                echo "Usage: ${0} {start|stop|restart|status}"
                exit 1
                ;;
esac

# End $rc_base/init.d/acpid
EOF
chmod -v 754 /etc/rc.d/init.d/polkitd

Link it into the runlevels:

for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
  ln -sfv ../init.d/polkitd $link;
done

Privileges

PolicyKit installs desktop-console.privilege in /etc/PolicyKit/privilege.d which is the file that HAL will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.

There are a few ways to configure a privilege. You can allow anybody by setting Allow=uid:__all__, a specific user by setting Allow=uid:username, or a specific group by setting Allow=gid:groupname. The same applies for Deny.

The following command modifies the privilege file so that anyone in the users group is allowed to manipulate a local device:

sed -i "s/^Allow=.*/Allow=gid:users/" \
    /etc/PolicyKit/privilege.d/desktop-console.privilege

Contents

Installed Programs: ???
Installed Libraries: ???
Installed Directories: ???

Short Descriptions

program1 ???
program2 ???
library1.{so,a} ???
Retrieved from "?title=PolicyKit&oldid=7414"