source: postlfs/security/polkit.xml@ da7274f

Last change on this file since da7274f was bdc255c, checked in by Xi Ruoyao <xry111@…>, 8 months ago

polkit: Add lxqt-policykit as a possible polkit authentication agent

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY polkit-download-http "https://gitlab.freedesktop.org/polkit/polkit/-/archive/&polkit-version;/polkit-&polkit-version;.tar.gz">
8 <!ENTITY polkit-download-ftp " ">
9 <!ENTITY polkit-md5sum "36540b837c588e1e77145523bb39f511">
10 <!ENTITY polkit-size "736 KB">
11 <!ENTITY polkit-buildsize "6.8 MB (with tests)">
12 <!ENTITY polkit-time "0.3 SBU (with tests, using parallelism=4)">
13]>
14
15<sect1 id="polkit" xreflabel="Polkit-&polkit-version;">
16 <?dbhtml filename="polkit.html"?>
17
18
19 <title>Polkit-&polkit-version;</title>
20
21 <indexterm zone="polkit">
22 <primary sortas="a-Polkit">Polkit</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to Polkit</title>
27
28 <para>
29 <application>Polkit</application> is a toolkit for defining and handling
30 authorizations. It is used for allowing unprivileged processes to
31 communicate with privileged processes.
32 </para>
33
34 &lfs120_checked;
35
36 <bridgehead renderas="sect3">Package Information</bridgehead>
37 <itemizedlist spacing="compact">
38 <listitem>
39 <para>
40 Download (HTTP): <ulink url="&polkit-download-http;"/>
41 </para>
42 </listitem>
43 <listitem>
44 <para>
45 Download (FTP): <ulink url="&polkit-download-ftp;"/>
46 </para>
47 </listitem>
48 <listitem>
49 <para>
50 Download MD5 sum: &polkit-md5sum;
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download size: &polkit-size;
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Estimated disk space required: &polkit-buildsize;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Estimated build time: &polkit-time;
66 </para>
67 </listitem>
68 </itemizedlist>
69
70<!--
71 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
72 <itemizedlist spacing="compact">
73 <listitem>
74 <para>
75 Required patch:
76 <ulink url="&patch-root;/polkit-&polkit-version;-security_fixes-1.patch"/>
77 </para>
78 </listitem>
79 <listitem>
80 <para>
81 Required patch:
82 <ulink url="&patch-root;/polkit-&polkit-version;-js91-1.patch"/>
83 </para>
84 </listitem>
85 </itemizedlist>
86-->
87
88 <bridgehead renderas="sect3">Polkit Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="glib2"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <!-- For jhalfs just make it required to avoid over-complexity. -->
98 <xref role="required" linkend="duktape"/>,
99 <xref linkend="gobject-introspection"/>,
100 <xref linkend="libxslt"/>,<phrase revision="systemd"> and</phrase>
101 <xref linkend="linux-pam"/><phrase revision="sysv">, and
102 <xref linkend="elogind"/>
103 </phrase>
104 </para>
105
106 <note>
107 <para>
108 Since <phrase revision="sysv"><command>elogind</command></phrase>
109 <phrase revision="systemd"><command>systemd-logind</command></phrase>
110 uses PAM to register user sessions, it is a good idea to build
111 <application>Polkit</application> with PAM support so
112 <phrase revision="sysv"><command>elogind</command></phrase>
113 <phrase revision="systemd"><command>systemd-logind</command></phrase>
114 can track <application>Polkit</application> sessions.
115 </para>
116 </note>
117
118
119 <!-- Due to the fact that meson will not autodetect g-i and
120 has it set to required unless you pass an option, and the likelihood
121 of users ignoring a command explanation and then sending in mails
122 regarding KDE or GNOME not working after installing polkit, let's move
123 it to recommended. See #15640 for logic
124 <bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead>
125 <para role="optional">
126 <xref linkend="gobject-introspection"/>
127 </para>
128 -->
129
130 <bridgehead renderas="sect4">Optional</bridgehead>
131 <para role="optional">
132 <xref linkend="gtk-doc"/>,
133 <xref linkend="python-dbusmock"/>, and
134 <xref linkend="spidermonkey"/> (can be used in place of duktape)
135 </para>
136
137 <bridgehead renderas="sect4" revision="systemd">Required Runtime Dependencies</bridgehead>
138 <para role="required" revision="systemd">
139 <xref role="runtime" linkend="systemd"/>
140 </para>
141
142 <bridgehead renderas="sect4" id="polkit-agent" xreflabel="Polkit Authentication Agent">
143 Optional Runtime Dependencies
144 </bridgehead>
145 <para role="optional">
146 One polkit authentication agent for using polkit in the graphical
147 environment:
148 <application>polkit-kde-agent</application> in
149 <xref role="runtime" linkend="plasma5-build"/> for KDE,
150 the agent built in
151 <xref role="runtime" linkend="gnome-shell"/> for GNOME3,
152 <xref role="runtime" linkend="polkit-gnome"/> for XFCE, and
153 <xref role="runtime" linkend="lxqt-policykit"/> for LXQt
154 </para>
155
156 <note>
157 <para>
158 If <xref linkend="libxslt"/> is installed,
159 then <xref linkend="DocBook"/> and <xref linkend="docbook-xsl"/> are
160 required. If you have installed <xref linkend="libxslt"/>, but you do
161 not want to install any of the DocBook packages mentioned, you will
162 need to use <option>-Dman=false</option> in the instructions
163 below.
164 </para>
165 </note>
166
167 </sect2>
168
169 <sect2 role="installation">
170 <title>Installation of Polkit</title>
171
172 <para>
173 There should be a dedicated user and group to take control
174 of the <command>polkitd</command> daemon after it is
175 started. Issue the following commands as the
176 <systemitem class="username">root</systemitem> user:
177 </para>
178
179<screen role="root"><userinput>groupadd -fg 27 polkitd &amp;&amp;
180useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
181 -g polkitd -s /bin/false polkitd</userinput></screen>
182
183 <para>
184 If using <xref linkend="spidermonkey"/>, make the following change
185 (see Command Explanations below for more information):
186 </para>
187
188<screen><userinput remap="nodump">sed -e '/mozjs/s/102/115/' -i meson.build &amp;&amp;
189sed -e 's/JS_Init/JS::DisableJitBackend(); &amp;/' \
190 -i src/polkitbackend/polkitbackendjsauthority.cpp</userinput></screen>
191
192<!--
193 <para>
194 Apply a patch to fix two security issues:
195 </para>
196
197<screen><userinput remap="pre">patch -Np1 -i ../polkit-&polkit-version;-security_fixes-1.patch</userinput></screen>
198
199 <para>
200 Port this package to use JS-91:
201 </para>
202
203<screen><userinput remap="pre">patch -Np1 -i ../polkit-&polkit-version;-js91-1.patch</userinput></screen>
204-->
205
206 <para>
207 Install <application>Polkit</application> by running the following
208 commands:
209 </para>
210
211<screen revision="systemd"><userinput>mkdir build &amp;&amp;
212cd build &amp;&amp;
213
214meson setup .. \
215 --prefix=/usr \
216 --buildtype=release \
217 -Dman=true \
218 -Dsession_tracking=libsystemd-login \
219 -Dtests=true &amp;&amp;
220ninja</userinput></screen>
221
222<screen revision="sysv"><userinput>mkdir build &amp;&amp;
223cd build &amp;&amp;
224
225meson setup .. \
226 --prefix=/usr \
227 --buildtype=release \
228 -Dman=true \
229 -Dsession_tracking=libelogind \
230 -Dtests=true &amp;&amp;
231ninja</userinput></screen>
232
233 <para>
234 To test the results, first ensure that the system
235 <application>D-Bus</application> daemon is running,
236 and both <xref linkend='dbus-python'/> and
237 <xref linkend='python-dbusmock'/> are installed.
238 Then run <command>ninja test</command>.
239 </para>
240
241 <para>
242 Now, as the <systemitem class="username">root</systemitem> user:
243 </para>
244
245<screen role="root"><userinput>ninja install</userinput></screen>
246
247 </sect2>
248
249 <sect2 role="commands">
250 <title>Command Explanations</title>
251
252 <para>
253 <command>sed -e '/mozjs/s/102/115/' meson.build</command>:
254 Allow building this package with SpiderMonkey from Firefox 115 ESR
255 releases.
256 </para>
257
258 <para>
259 <command>sed -e 's/JS_Init/JS::DisableJitBackend(); &amp;/' ...
260 </command>: The JIT compiler of <xref linkend='spidermonkey'/>
261 needs memory mappings that are both writable and executable (W+X), which
262 is dangerous (such memory makes it far easier for a memory-corruption bug in the daemon to become code execution) and is not permitted by the
263 <application>systemd</application> unit file shipped within the polkit
264 package. This command is not strictly needed on systems based on
265 sysvinit, but it still improves security. It has no effect if building
266 polkit with the recommended <xref linkend='duktape'/> JavaScript
267 engine.
268 </para>
269
270 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
271 href="../../xincludes/meson-buildtype-release.xml"/>
272
273 <para>
274 <parameter>-Dtests=true</parameter>: This switch allows running the
275 test suite of this package. As <application>Polkit</application> is
276 used for authorizations, its integrity can affect system security.
277 So it is recommended to run the test suite when building this package.
278 </para>
279
280 <para>
281 <option>-Djs_engine=mozjs</option>: This switch allows using the
282 <xref linkend="spidermonkey"/> JavaScript engine instead of the
283 <xref linkend='duktape'/> JavaScript engine.
284 </para>
285
286 <!--
287 <para revision="sysv">
288 <parameter>- -disable-libsystemd-login</parameter>: This switch forces
289 polkit to build with elogind support (if available) rather than
290 systemd-logind.
291 </para>
292
293
294 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
295 href="../../xincludes/static-libraries.xml"/>
296 -->
297
298 <para>
299 <option>-Dos_type=lfs</option>: Use this switch if you did not create
300 the <filename>/etc/lfs-release</filename> file; otherwise distribution
301 auto-detection will fail and you will be unable to use
302 <application>Polkit</application>.
303 </para>
304
305 <para>
306 <option>-Dauthfw=shadow</option>: This switch enables the
307 package to use <application>Shadow</application> rather than
308 <application>Linux PAM</application> as the authentication framework. Use it
309 if you have not installed <application>Linux PAM</application>.
310 </para>
311
312 <!--
313 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
314 href="../../xincludes/gtk-doc-rebuild.xml"/>
315 -->
316
317 <para>
318 <option>-Dintrospection=false</option>: Use this option if you are certain
319 that you do not need gobject-introspection files for polkit, or do not have
320 gobject-introspection installed.
321 </para>
322
323 <para>
324 <option>-Dman=false</option>: Use this option to disable generating and
325 installing manual pages. This is useful if libxslt is not installed.
326 </para>
327
328 <para>
329 <option>-Dexamples=true</option>: Use this option to build the example
330 programs.
331 </para>
332
333 <para>
334 <option>-Dgtk_doc=true</option>: Use this option to enable building and
335 installing the API documentation.
336 </para>
337
338 </sect2>
339
340 <sect2 role="content">
341 <title>Contents</title>
342
343 <segmentedlist>
344 <segtitle>Installed Programs</segtitle>
345 <segtitle>Installed Libraries</segtitle>
346 <segtitle>Installed Directories</segtitle>
347
348 <seglistitem>
349 <seg>
350 pkaction, pkcheck, <!--pk-example-frobnicate,--> pkexec,
351 pkttyagent, and polkitd
352 </seg>
353 <seg>
354 libpolkit-agent-1.so and
355 libpolkit-gobject-1.so
356 </seg>
357 <seg>
358 /etc/polkit-1,
359 /usr/include/polkit-1,
360 /usr/lib/polkit-1,
361 /usr/share/gtk-doc/html/polkit-1, and
362 /usr/share/polkit-1
363 </seg>
364 </seglistitem>
365 </segmentedlist>
366
367 <variablelist>
368 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
369 <?dbfo list-presentation="list"?>
370 <?dbhtml list-presentation="table"?>
371
372 <varlistentry id="pkaction">
373 <term><command>pkaction</command></term>
374 <listitem>
375 <para>
376 is used to obtain information about registered PolicyKit actions
377 </para>
378 <indexterm zone="polkit pkaction">
379 <primary sortas="b-pkaction">pkaction</primary>
380 </indexterm>
381 </listitem>
382 </varlistentry>
383
384 <varlistentry id="pkcheck">
385 <term><command>pkcheck</command></term>
386 <listitem>
387 <para>
388 is used to check whether a process is authorized for an action
389 </para>
390 <indexterm zone="polkit pkcheck">
391 <primary sortas="b-pkcheck">pkcheck</primary>
392 </indexterm>
393 </listitem>
394 </varlistentry>
395
396<!--
397 <varlistentry id="pk-example-frobnicate">
398 <term><command>pk-example-frobnicate</command></term>
399 <listitem>
400 <para>
401 is an example program to test the <command>pkexec</command>
402 command
403 </para>
404 <indexterm zone="polkit pk-example-frobnicate">
405 <primary sortas="b-pk-example-frobnicate">pk-example-frobnicate</primary>
406 </indexterm>
407 </listitem>
408 </varlistentry>
409-->
410
411 <varlistentry id="pkexec">
412 <term><command>pkexec</command></term>
413 <listitem>
414 <para>
415 allows an authorized user to execute a command as another user
416 </para>
417 <indexterm zone="polkit pkexec">
418 <primary sortas="b-pkexec">pkexec</primary>
419 </indexterm>
420 </listitem>
421 </varlistentry>
422
423 <varlistentry id="pkttyagent">
424 <term><command>pkttyagent</command></term>
425 <listitem>
426 <para>
427 is used to start a textual authentication agent for the subject
428 </para>
429 <indexterm zone="polkit pkttyagent">
430 <primary sortas="b-pkttyagent">pkttyagent</primary>
431 </indexterm>
432 </listitem>
433 </varlistentry>
434
435 <varlistentry id="polkitd">
436 <term><command>polkitd</command></term>
437 <listitem>
438 <para>
439 provides the org.freedesktop.PolicyKit1 <application>D-Bus</application>
440 service on the system message bus
441 </para>
442 <indexterm zone="polkit polkitd">
443 <primary sortas="b-polkitd">polkitd</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 <varlistentry id="libpolkit-agent-1">
449 <term><filename class="libraryfile">libpolkit-agent-1.so</filename></term>
450 <listitem>
451 <para>
452 contains the <application>Polkit</application> authentication
453 agent API functions
454 </para>
455 <indexterm zone="polkit libpolkit-agent-1">
456 <primary sortas="c-libpolkit-agent-1">libpolkit-agent-1.so</primary>
457 </indexterm>
458 </listitem>
459 </varlistentry>
460
461 <varlistentry id="libpolkit-gobject-1">
462 <term><filename class="libraryfile">libpolkit-gobject-1.so</filename></term>
463 <listitem>
464 <para>
465 contains the <application>Polkit</application> authorization API functions
466 </para>
467 <indexterm zone="polkit libpolkit-gobject-1">
468 <primary sortas="c-libpolkit-gobject-1">libpolkit-gobject-1.so</primary>
469 </indexterm>
470 </listitem>
471 </varlistentry>
472
473 </variablelist>
474
475 </sect2>
476
477</sect1>