Context Navigation

source: postlfs/security/polkit.xml@ 730d47f2

Visit:

12.1 12.2 gimp3 ken/TL2024 lazarus plabs/newcss rahul/power-profiles-daemon trunk xry111/for-12.3 xry111/llvm18 xry111/spidermonkey128

Last change on this file since 730d47f2 was 730d47f2, checked in by Bruce Dubbs <bdubbs@…>, 8 months ago
Update to polkit-124.
Property mode set to `100644`
File size: 14.9 KB

Rev	Line
[9d3d8a8]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6
[60caf48]	7	<!ENTITY polkit-download-http "https://gitlab.freedesktop.org/polkit/polkit/-/archive/&polkit-version;/polkit-&polkit-version;.tar.gz">
[f47c6a6b]	8	<!ENTITY polkit-download-ftp " ">
[730d47f2]	9	<!ENTITY polkit-md5sum "97db655618e1483706fbc764787c7d6e">
	10	<!ENTITY polkit-size "744 KB">
	11	<!ENTITY polkit-buildsize "7.2 MB (with tests)">
	12	<!ENTITY polkit-time "0.3 SBU (with tests; using parallelism=4)">
[9d3d8a8]	13	]>
	14
[01996ebb]	15	<sect1 id="polkit" xreflabel="Polkit-&polkit-version;">
[9d3d8a8]	16	<?dbhtml filename="polkit.html"?>
	17
	18
[01996ebb]	19	<title>Polkit-&polkit-version;</title>
[9d3d8a8]	20
	21	<indexterm zone="polkit">
[01996ebb]	22	<primary sortas="a-Polkit">Polkit</primary>
[9d3d8a8]	23	</indexterm>
	24
	25	<sect2 role="package">
[01996ebb]	26	<title>Introduction to Polkit</title>
[9d3d8a8]	27
[b84342d6]	28	<para>
[01996ebb]	29	<application>Polkit</application> is a toolkit for defining and handling
[9ca304a]	30	authorizations. It is used for allowing unprivileged processes to
[30f82900]	31	communicate with privileged processes.
[b84342d6]	32	</para>
[9d3d8a8]	33
[479979e]	34	&lfs120_checked;
[27e62762]	35
[9d3d8a8]	36	<bridgehead renderas="sect3">Package Information</bridgehead>
	37	<itemizedlist spacing="compact">
	38	<listitem>
[b84342d6]	39	<para>
	40	Download (HTTP): <ulink url="&polkit-download-http;"/>
	41	</para>
[9d3d8a8]	42	</listitem>
	43	<listitem>
[b84342d6]	44	<para>
	45	Download (FTP): <ulink url="&polkit-download-ftp;"/>
	46	</para>
[9d3d8a8]	47	</listitem>
	48	<listitem>
[b84342d6]	49	<para>
	50	Download MD5 sum: &polkit-md5sum;
	51	</para>
[9d3d8a8]	52	</listitem>
	53	<listitem>
[b84342d6]	54	<para>
	55	Download size: &polkit-size;
	56	</para>
[9d3d8a8]	57	</listitem>
	58	<listitem>
[b84342d6]	59	<para>
	60	Estimated disk space required: &polkit-buildsize;
	61	</para>
[9d3d8a8]	62	</listitem>
	63	<listitem>
[b84342d6]	64	<para>
	65	Estimated build time: &polkit-time;
	66	</para>
[9d3d8a8]	67	</listitem>
	68	</itemizedlist>
[ad539dbe]	69
[7d5d3d4]	70	<!--
[7e280b45]	71	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
	72	<itemizedlist spacing="compact">
[ad539dbe]	73	<listitem>
[4a0b346]	74	<para>
[7e280b45]	75	Required patch:
[4483a9a]	76	<ulink url="&patch-root;/polkit-&polkit-version;-security_fixes-1.patch"/>
[4a0b346]	77	</para>
	78	</listitem>
[b5b1af68]	79	<listitem>
	80	<para>
	81	Required patch:
	82	<ulink url="&patch-root;/polkit-&polkit-version;-js91-1.patch"/>
	83	</para>
	84	</listitem>
[3b40dbb3]	85	</itemizedlist>
[7d5d3d4]	86	-->
[ad539dbe]	87
[01996ebb]	88	<bridgehead renderas="sect3">Polkit Dependencies</bridgehead>
[9d3d8a8]	89
	90	<bridgehead renderas="sect4">Required</bridgehead>
[bb947c32]	91	<para role="required">
[b317cda]	92	<xref linkend="glib2"/>
[4c2be438]	93	</para>
	94
[51dfb3e]	95	<bridgehead renderas="sect4">Recommended</bridgehead>
	96	<para role="recommended">
[b317cda]	97	<!-- For jhalfs just make it required to avoid over-complexity. -->
	98	<xref role="required" linkend="duktape"/>,
[59f6a1f]	99	<xref linkend="gobject-introspection"/>,
[3345cfea]	100	<xref linkend="libxslt"/>,<phrase revision="systemd"> and</phrase>
	101	<xref linkend="linux-pam"/><phrase revision="sysv">, and
	102	<xref linkend="elogind"/>
[7cb46359]	103	</phrase>
[f586237]	104	</para>
	105
[51dfb3e]	106	<note>
[f586237]	107	<para>
[51dfb3e]	108	Since <phrase revision="sysv"><command>elogind</command></phrase>
	109	<phrase revision="systemd"><command>systemd-logind</command></phrase>
	110	uses PAM to register user sessions, it is a good idea to build
	111	<application>Polkit</application> with PAM support so
	112	<phrase revision="sysv"><command>elogind</command></phrase>
	113	<phrase revision="systemd"><command>systemd-logind</command></phrase>
	114	can track <application>Polkit</application> sessions.
[f586237]	115	</para>
	116	</note>
	117
	118
[59f6a1f]	119	<!-- Due to the fact that meson will not autodetect g-i and
	120	has it set to required unless you pass an option, and the likelihood
	121	of users ignoring a command explanation and then sending in mails
	122	regarding KDE or GNOME not working after installing polkit, let's move
	123	it to recommended. See #15640 for logic
[4c2be438]	124	<bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead>
	125	<para role="optional">
	126	<xref linkend="gobject-introspection"/>
	127	</para>
[59f6a1f]	128	-->
[9d3d8a8]	129
	130	<bridgehead renderas="sect4">Optional</bridgehead>
[bb947c32]	131	<para role="optional">
[a428935]	132	<xref linkend="gtk-doc"/>,
[5028839f]	133	<xref linkend="python-dbusmock"/>, and
	134	<xref linkend="spidermonkey"/> (can be used in place of duktape)
[f586237]	135	</para>
	136
	137	<bridgehead renderas="sect4" revision="systemd">Required Runtime Dependencies</bridgehead>
	138	<para role="required" revision="systemd">
[96e9478]	139	<xref role="runtime" linkend="systemd"/>
[4c2be438]	140	</para>
[875b4070]	141
[f13e9026]	142	<bridgehead renderas="sect4" id="polkit-agent" xreflabel="Polkit Authentication Agent">
	143	Optional Runtime Dependencies
	144	</bridgehead>
[fee64868]	145	<para role="optional">
	146	One polkit authentication agent for using polkit in the graphical
	147	environment:
	148	<application>polkit-kde-agent</application> in
	149	<xref role="runtime" linkend="plasma5-build"/> for KDE,
	150	the agent built in
[bdc255c]	151	<xref role="runtime" linkend="gnome-shell"/> for GNOME3,
	152	<xref role="runtime" linkend="polkit-gnome"/> for XFCE, and
	153	<xref role="runtime" linkend="lxqt-policykit"/> for LXQt
[fee64868]	154	</para>
	155
[875b4070]	156	<note>
[b84342d6]	157	<para>
[f586237]	158	If <xref linkend="libxslt"/> is installed,
	159	then <xref linkend="DocBook"/> and <xref linkend="docbook-xsl"/> are
	160	required. If you have installed <xref linkend="libxslt"/>, but you do
	161	not want to install any of the DocBook packages mentioned, you will
[59f6a1f]	162	need to use <option>-Dman=false</option> in the instructions
[f586237]	163	below.
[b84342d6]	164	</para>
[875b4070]	165	</note>
[9d3d8a8]	166
	167	</sect2>
	168
	169	<sect2 role="installation">
[01996ebb]	170	<title>Installation of Polkit</title>
[9d3d8a8]	171
[b84342d6]	172	<para>
[01996ebb]	173	There should be a dedicated user and group to take control
	174	of the <command>polkitd</command> daemon after it is
	175	started. Issue the following commands as the
	176	<systemitem class="username">root</systemitem> user:
	177	</para>
	178
	179	<screen role="root"><userinput>groupadd -fg 27 polkitd &&
	180	useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
	181	-g polkitd -s /bin/false polkitd</userinput></screen>
	182
[730d47f2]	183	<para revision='sysv'>
	184	First fix a build problem for sysV based systems:
[7e280b45]	185	</para>
	186
[730d47f2]	187	<screen revision="sysv"><userinput>sed -i '/systemd_sysusers_dir/s/^/#/' meson.build</userinput></screen>
[b5b1af68]	188
[01996ebb]	189	<para>
	190	Install <application>Polkit</application> by running the following
[37aba7f]	191	commands:
[b84342d6]	192	</para>
[9d3d8a8]	193
[59f6a1f]	194	<screen revision="systemd"><userinput>mkdir build &&
	195	cd build &&
	196
[91318eb]	197	meson setup .. \
	198	--prefix=/usr \
[60caf48]	199	--buildtype=release \
[59f6a1f]	200	-Dman=true \
	201	-Dsession_tracking=libsystemd-login \
[91318eb]	202	-Dtests=true &&
[59f6a1f]	203	ninja</userinput></screen>
[51dfb3e]	204
[59f6a1f]	205	<screen revision="sysv"><userinput>mkdir build &&
	206	cd build &&
	207
[91318eb]	208	meson setup .. \
	209	--prefix=/usr \
[60caf48]	210	--buildtype=release \
[59f6a1f]	211	-Dman=true \
	212	-Dsession_tracking=libelogind \
[91318eb]	213	-Dtests=true &&
[59f6a1f]	214	ninja</userinput></screen>
	215
[b84342d6]	216	<para>
[8558044]	217	To test the results, first ensure that the system
[bf654b1]	218	<application>D-Bus</application> daemon is running,
	219	and both <xref linkend='dbus-python'/> and
	220	<xref linkend='python-dbusmock'/> are installed.
[8de6bb81]	221	Then run <command>ninja test</command>.
[59f6a1f]	222	</para>
[9d3d8a8]	223
[b84342d6]	224	<para>
	225	Now, as the <systemitem class="username">root</systemitem> user:
	226	</para>
[9d3d8a8]	227
[6be3fe3]	228	<screen role="root"><userinput>ninja install</userinput></screen>
[9d3d8a8]	229
	230	</sect2>
	231
	232	<sect2 role="commands">
	233	<title>Command Explanations</title>
	234
[3ce2d0c]	235	<para>
	236	<command>sed -e '/mozjs/s/102/115/' meson.build</command>:
	237	Allow building this package with SpiderMonkey from Firefox 115 ESR
	238	releases.
	239	</para>
	240
[215c3ea5]	241	<para>
[b317cda]	242	<command>sed -e 's/JS_Init/JS::DisableJitBackend(); &/' ...
[a16884c0]	243	</command>: The JIT compiling of <xref linkend='spidermonkey'/>
	244	needs W+X mapping which
[b317cda]	245	is dangerous and is not permitted by the
	246	<application>systemd</application> unit file shipped within the polkit
	247	package. This command is not strictly needed on systems based on
	248	sysvinit but it still improves security. It has no effect if building
	249	polkit with the recommended <xref linkend='duktape'/> Javascript
	250	engine.
[215c3ea5]	251	</para>
	252
[7e280b45]	253	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
	254	href="../../xincludes/meson-buildtype-release.xml"/>
	255
[492cca2c]	256	<para>
	257	<parameter>-Dtests=true</parameter>: This switch allows to run the
	258	test suite of this package. As <application>Polkit</application> is
	259	used for authorizations, its integrity can affect system security.
	260	So it's recommended to run the test suite building this package.
	261	</para>
	262
[7d5d3d4]	263	<para>
[0c72a8b]	264	<option>-Djs_engine=mozjs</option>: This switch allows using the
[5028839f]	265	<xref linkend="spidermonkey"/> JavaScript engine instead of the
[0c72a8b]	266	<xref linkend='duktape'/> JavaScript engine.
[7d5d3d4]	267	</para>
	268
[59f6a1f]	269	<!--
[4a0b346]	270	<para revision="sysv">
[59f6a1f]	271	<parameter>- -disable-libsystemd-login</parameter>: This switch forces
[4a0b346]	272	polkit to build with elogind support (if available) rather than
	273	systemd-logind.
	274	</para>
	275
[7a9a7b26]	276
[ad539dbe]	277	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
	278	href="../../xincludes/static-libraries.xml"/>
[59f6a1f]	279	-->
[7a9a7b26]	280
[1121404]	281	<para>
	282	<option>-Dos_type=lfs</option>: Use this switch if you did not create
	283	the <filename>/etc/lfs-release</filename> file or distribution auto
	284	detection will fail and you will be unable to use
	285	<application>Polkit</application>.
	286	</para>
	287
[51dfb3e]	288	<para>
[59f6a1f]	289	<option>-Dauthfw=shadow</option>: This switch enables the
[f586237]	290	package to use the <application>Shadow</application> rather than the
	291	<application>Linux PAM</application> Authentication framework. Use it
	292	if you have not installed <application>Linux PAM</application>.
[b84342d6]	293	</para>
	294
[59f6a1f]	295	<!--
[e05cd03f]	296	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
[51dfb3e]	297	href="../../xincludes/gtk-doc-rebuild.xml"/>
[59f6a1f]	298	-->
	299
	300	<para>
	301	<option>-Dintrospection=false</option>: Use this option if you are certain
	302	that you do not need gobject-introspection files for polkit, or do not have
	303	gobject-introspection installed.
	304	</para>
	305
	306	<para>
	307	<option>-Dman=false</option>: Use this option to disable generating and
	308	installing manual pages. This is useful if libxslt is not installed.
	309	</para>
	310
	311	<para>
	312	<option>-Dexamples=true</option>: Use this option to build the example
	313	programs.
	314	</para>
	315
	316	<para>
	317	<option>-Dgtk_doc=true</option>: Use this option to enable building and
	318	installing the API documentation.
	319	</para>
[51dfb3e]	320
[9d3d8a8]	321	</sect2>
	322
	323	<sect2 role="content">
	324	<title>Contents</title>
	325
	326	<segmentedlist>
	327	<segtitle>Installed Programs</segtitle>
	328	<segtitle>Installed Libraries</segtitle>
	329	<segtitle>Installed Directories</segtitle>
	330
	331	<seglistitem>
[b84342d6]	332	<seg>
[59f6a1f]	333	pkaction, pkcheck, <!--pk-example-frobnicate,--> pkexec,
[a428935]	334	pkttyagent, and polkitd
[b84342d6]	335	</seg>
	336	<seg>
[0d7900a]	337	libpolkit-agent-1.so and
[b84342d6]	338	libpolkit-gobject-1.so
	339	</seg>
[028759b]	340	<seg>
[01996ebb]	341	/etc/polkit-1,
	342	/usr/include/polkit-1,
	343	/usr/lib/polkit-1,
[a428935]	344	/usr/share/gtk-doc/html/polkit-1, and
[028759b]	345	/usr/share/polkit-1
[b84342d6]	346	</seg>
[9d3d8a8]	347	</seglistitem>
	348	</segmentedlist>
	349
	350	<variablelist>
	351	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	352	<?dbfo list-presentation="list"?>
	353	<?dbhtml list-presentation="table"?>
	354
	355	<varlistentry id="pkaction">
	356	<term><command>pkaction</command></term>
	357	<listitem>
[b84342d6]	358	<para>
[4c24eb0a]	359	is used to obtain information about registered PolicyKit actions
[b84342d6]	360	</para>
[9d3d8a8]	361	<indexterm zone="polkit pkaction">
	362	<primary sortas="b-pkaction">pkaction</primary>
	363	</indexterm>
	364	</listitem>
	365	</varlistentry>
	366
	367	<varlistentry id="pkcheck">
	368	<term><command>pkcheck</command></term>
	369	<listitem>
[b84342d6]	370	<para>
[4c24eb0a]	371	is used to check whether a process is authorized for action
[b84342d6]	372	</para>
[9d3d8a8]	373	<indexterm zone="polkit pkcheck">
	374	<primary sortas="b-pkcheck">pkcheck</primary>
	375	</indexterm>
	376	</listitem>
	377	</varlistentry>
	378
[59f6a1f]	379	<!--
[72d90b67]	380	<varlistentry id="pk-example-frobnicate">
	381	<term><command>pk-example-frobnicate</command></term>
	382	<listitem>
	383	<para>
	384	is an example program to test the <command>pkexec</command>
[4c24eb0a]	385	command
[72d90b67]	386	</para>
	387	<indexterm zone="polkit pk-example-frobnicate">
	388	<primary sortas="b-pk-example-frobnicate">pk-example-frobnicate</primary>
	389	</indexterm>
	390	</listitem>
	391	</varlistentry>
[59f6a1f]	392	-->
[7a9a7b26]	393
[9d3d8a8]	394	<varlistentry id="pkexec">
	395	<term><command>pkexec</command></term>
	396	<listitem>
[b84342d6]	397	<para>
[4c24eb0a]	398	allows an authorized user to execute a command as another user
[b84342d6]	399	</para>
[9d3d8a8]	400	<indexterm zone="polkit pkexec">
	401	<primary sortas="b-pkexec">pkexec</primary>
	402	</indexterm>
	403	</listitem>
	404	</varlistentry>
	405
[b84342d6]	406	<varlistentry id="pkttyagent">
	407	<term><command>pkttyagent</command></term>
[9d3d8a8]	408	<listitem>
[b84342d6]	409	<para>
[4c24eb0a]	410	is used to start a textual authentication agent for the subject
[b84342d6]	411	</para>
	412	<indexterm zone="polkit pkttyagent">
	413	<primary sortas="b-pkttyagent">pkttyagent</primary>
[9d3d8a8]	414	</indexterm>
	415	</listitem>
[b84342d6]	416	</varlistentry>
[9d3d8a8]	417
[875b4070]	418	<varlistentry id="polkitd">
[9d3d8a8]	419	<term><command>polkitd</command></term>
	420	<listitem>
[b84342d6]	421	<para>
[0d7900a]	422	provides the org.freedesktop.PolicyKit1 <application>D-Bus</application>
[4c24eb0a]	423	service on the system message bus
[b84342d6]	424	</para>
[875b4070]	425	<indexterm zone="polkit polkitd">
[9d3d8a8]	426	<primary sortas="b-polkitd">polkitd</primary>
	427	</indexterm>
	428	</listitem>
	429	</varlistentry>
	430
	431	<varlistentry id="libpolkit-agent-1">
[4c24eb0a]	432	<term><filename class="libraryfile">libpolkit-agent-1.so</filename></term>
[9d3d8a8]	433	<listitem>
[b84342d6]	434	<para>
[01996ebb]	435	contains the <application>Polkit</application> authentication
[4c24eb0a]	436	agent API functions
[b84342d6]	437	</para>
[9d3d8a8]	438	<indexterm zone="polkit libpolkit-agent-1">
[b84342d6]	439	<primary sortas="c-libpolkit-agent-1">libpolkit-agent-1.so</primary>
[9d3d8a8]	440	</indexterm>
	441	</listitem>
	442	</varlistentry>
	443
	444	<varlistentry id="libpolkit-gobject-1">
[4c24eb0a]	445	<term><filename class="libraryfile">libpolkit-gobject-1.so</filename></term>
[9d3d8a8]	446	<listitem>
[b84342d6]	447	<para>
[4c24eb0a]	448	contains the <application>Polkit</application> authorization API functions
[b84342d6]	449	</para>
[9d3d8a8]	450	<indexterm zone="polkit libpolkit-gobject-1">
[b84342d6]	451	<primary sortas="c-libpolkit-gobject-1">libpolkit-gobject-1.so</primary>
[9d3d8a8]	452	</indexterm>
	453	</listitem>
	454	</varlistentry>
	455
	456	</variablelist>
	457
	458	</sect2>
	459
	460	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: