PolicyKit

From CBLFS
Revision as of 16:39, 12 November 2006 by Epitome (talk | contribs)
Jump to navigationJump to search
Download Source: (Not Released Yet)

Dependencies

Required

Optional

PolKit User/Group

groupadd -g 17 polkit &&
useradd -c "Policy Kit Daemon User" -d /dev/null \
        -u 17 -g polkit -s /bin/false polkit

Getting the source

Check out the source from freedesktop.org:

git clone git://anongit.freedesktop.org/git/PolicyKit

It couldn't hurt to make a tarball so you have an unmodified source around for the future:

tar cvjf PolicyKit{.tar.bz2,}

Non-Multilib

Compile the package:

./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var &&
make

Install the package

make install

N32

Compile the package:

CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib32 --with-pam-module-dir=/lib32/security &&
make

Install the package

make install

64Bit

Compile the package:

CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib64 --with-pam-module-dir=/lib64/security &&
make

Install the package

make install

Configuration

Bootscript

There is no pre-made bootscript for PolicyKit at this time. The daemon is at /usr/sbin/polkitd and it needs to start after DBUS but before HAL.

Privileges

PolicyKit installs desktop-console.privilege in /etc/PolicyKit/privilege.d which is the file that HAL will reference to see if the user can preform a specific operation (mount, cpufreq, hibernate, poweroff, reboot, suspend, etc...). Other privileges that manipulate a local device are most likely going to require this privilege.

There are a few ways to configure a privilege. You can allow anybody by setting Allow=uid:__all__, a specific user by setting Allow=uid:username, or a specific group by setting Allow=gid:groupname. The same applies for Deny.

The following command modifies the privilege file so that anyone in the users group is allowed to manipulate a local device:

sed -i "s/^Allow=.*/Allow=gid:users/" \
    /etc/PolicyKit/privilege.d/desktop-console.privilege
Retrieved from "?title=PolicyKit&oldid=4011"