PolicyKit: Difference between revisions

From CBLFS
Jump to navigationJump to search
← Older editNewer edit →
Line 92: Line 92:
=== Bootscript ===
=== Bootscript ===


There is no pre-made bootscript for PolicyKit at this time. The daemon is at '''/usr/sbin/polkitd''' and it needs to start after [[D-BUS]] but before [[HAL]].
Create the bootscript:
 
cat > /etc/rc.d/init.d/polkitd << "EOF"
#!/bin/sh
# Begin $rc_base/init.d/polkitd
. /etc/sysconfig/rc
. ${rc_functions}
case "${1}" in
        start)
                boot_mesg "Starting PolicyKit..."
                loadproc /usr/sbin/polkitd
                ;;
        stop)
                boot_mesg "Stopping PolicyKit..."
                killproc /usr/sbin/polkitd
                ;;
        restart)
                ${0} stop
                sleep 1
                ${0} start
                ;;
        status)
                statusproc /usr/sbin/polkitd
                ;;
        *)
                echo "Usage: ${0} {start|stop|restart|status}"
                exit 1
                ;;
esac
# End $rc_base/init.d/acpid
EOF
chmod -v 754 /etc/rc.d/init.d/polkitd
 
Link it into the runlevels:
 
for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
  ln -sfv ../init.d/polkitd $link;
done


== Privileges ==
== Privileges ==

Revision as of 12:41, 27 January 2007

Download Source: (Not Released Yet)

Introduction to PolicyKit

<Package Description Needed>

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 26 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 26 -g polkit -s /bin/false polkit

Getting the source

Check out the source from freedesktop.org: 

git clone git://anongit.freedesktop.org/git/PolicyKit

It couldn't hurt to make a tarball so you have an unmodified source around for the future: 

tar cvjf PolicyKit{-$(date +%Y%m%d).tar.bz2,}

Non-Multilib

Compile the package: 

./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package 

make install

Multilib

32Bit

Compile the package: 

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package 

make install

N32

Compile the package: 

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
make

Install the package 

make install

64Bit

Compile the package: 

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
make

Install the package 

make install

Configuration

Bootscript

Create the bootscript: 

cat > /etc/rc.d/init.d/polkitd << "EOF"
#!/bin/sh
# Begin $rc_base/init.d/polkitd

. /etc/sysconfig/rc
. ${rc_functions}

case "${1}" in
        start)
                boot_mesg "Starting PolicyKit..."
                loadproc /usr/sbin/polkitd
                ;;

        stop)
                boot_mesg "Stopping PolicyKit..."
                killproc /usr/sbin/polkitd
                ;;

        restart)
                ${0} stop
                sleep 1
                ${0} start
                ;;

        status)
                statusproc /usr/sbin/polkitd
                ;;

        *)
                echo "Usage: ${0} {start|stop|restart|status}"
                exit 1
                ;;
esac

# End $rc_base/init.d/acpid
EOF
chmod -v 754 /etc/rc.d/init.d/polkitd

Link it into the runlevels: 

for link in /etc/rc.d/rc{{0,1,6}.d/K29,{2,3,4,5}.d/S20}polkitd; do
  ln -sfv ../init.d/polkitd $link;
done

Privileges

PolicyKit installs desktop-console.privilege in /etc/PolicyKit/privilege.d which is the file that HAL will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.

There are a few ways to configure a privilege. You can allow anybody by setting Allow=uid:__all__, a specific user by setting Allow=uid:username, or a specific group by setting Allow=gid:groupname. The same applies for Deny.

The following command modifies the privilege file so that anyone in the users group is allowed to manipulate a local device: 

sed -i "s/^Allow=.*/Allow=gid:users/" \
    /etc/PolicyKit/privilege.d/desktop-console.privilege

Contents

Installed Programs: ???
Installed Libraries: ???
Installed Directories: ???

Short Descriptions

program1 ???
program2 ???
library1.{so,a} ???
Retrieved from "?title=PolicyKit&oldid=7414"