
c4177d0609 Sync changes to SLFO-1.2 branch 2025-08-20 10:44:18 +02:00
9 changed files with 310 additions and 136 deletions


@@ -0,0 +1,30 @@
From 107d3801361b9f9084f78710178e683391f1d245 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Fri, 6 Jun 2025 13:25:55 +0200
Subject: [PATCH] Nested .policy files cause xml parsing overflow leading to
crash
---
src/polkitbackend/polkitbackendactionpool.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
index 43f89cb..f4acca9 100644
--- a/src/polkitbackend/polkitbackendactionpool.c
+++ b/src/polkitbackend/polkitbackendactionpool.c
@@ -739,6 +739,12 @@ _start (void *data, const char *el, const char **attr)
guint num_attr;
ParserData *pd = data;
+ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH)
+ {
+ g_warning ("XML parsing reached max depth?");
+ goto error;
+ }
+
for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
;
--
2.43.0
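Review bot: The warning added at the top of `_start` names neither the policy file nor the position being parsed, so an administrator who sees it in the log cannot tell which `.policy` file exceeded the nesting limit, and the trailing question mark makes it read as a guess rather than a rejection. Since this message is the only trace left when an over-nested file is refused, something like `g_warning ("XML nesting exceeds %d levels in %s", PARSER_MAX_DEPTH, pd->path);` would serve better, assuming `ParserData` carries the file path (its definition is not visible in this hunk). The guard also depends on the `error` label actually stopping the parser and on every push to the state stack passing through this check; both lie outside the hunk and are worth confirming.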


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9b7bc16f086479dcc626c575976568ba4a85d34297a750d8ab3d2e57f6d8b988
size 472872

BIN
polkit-123.tar.bz2 LFS Normal file

Binary file not shown.

227
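--- a/polkit-actions-in-etc.patch
+++ b/polkit-actions-in-etc.patch
@@ -0,0 +1,227 @@
+diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
+index 90715a5..10dd217 100644
+--- a/docs/man/polkit.xml
++++ b/docs/man/polkit.xml
+@@ -104,6 +104,7 @@ System Context | |
++------------------+ |
+^ |
+| +--------------------------------------+
++ | | /etc/polkit-1/actions/*.policy |
+| | /usr/share/polkit-1/actions/*.policy |
+| +--------------------------------------+
+|
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index 3894fe9..17652e6 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -91,8 +91,10 @@ typedef struct
+{
+/* directory with .policy files, e.g. /usr/share/polkit-1/actions */
+GFile *directory;
++ GFile *directory_alt;
+GFileMonitor *dir_monitor;
++ GFileMonitor *dir_monitor_alt;
+/* maps from action_id to a ParsedAction struct */
+GHashTable *parsed_actions;
+@@ -109,6 +111,8 @@ enum
+{
+PROP_0,
+PROP_DIRECTORY,
++ /* TODO combine into PROP_DIRECTORIES? */
++ PROP_DIRECTORY_ALT,
+};
+#define POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPoolPrivate))
+@@ -153,9 +157,15 @@ polkit_backend_action_pool_finalize (GObject *object)
+if (priv->directory != NULL)
+g_object_unref (priv->directory);
++ if (priv->directory_alt != NULL)
++ g_object_unref (priv->directory_alt);
++
+if (priv->dir_monitor != NULL)
+g_object_unref (priv->dir_monitor);
++ if (priv->dir_monitor_alt != NULL)
++ g_object_unref (priv->dir_monitor_alt);
++
+if (priv->parsed_actions != NULL)
+g_hash_table_unref (priv->parsed_actions);
+@@ -183,6 +193,10 @@ polkit_backend_action_pool_get_property (GObject *object,
+g_value_set_object (value, priv->directory);
+break;
++ case PROP_DIRECTORY_ALT:
++ g_value_set_object (value, priv->directory_alt);
++ break;
++
+default:
+G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+break;
+@@ -274,6 +288,28 @@ polkit_backend_action_pool_set_property (GObject *object,
+}
+break;
++ case PROP_DIRECTORY_ALT:
++ priv->directory_alt = g_value_dup_object (value);
++
++ error = NULL;
++ priv->dir_monitor_alt = g_file_monitor_directory (priv->directory_alt,
++ G_FILE_MONITOR_NONE,
++ NULL,
++ &error);
++ if (priv->dir_monitor_alt == NULL)
++ {
++ g_warning ("Error monitoring actions alt directory: %s", error->message);
++ g_error_free (error);
++ }
++ else
++ {
++ g_signal_connect (priv->dir_monitor_alt,
++ "changed",
++ (GCallback) dir_monitor_changed,
++ pool);
++ }
++ break;
++
+default:
+G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+break;
+@@ -308,6 +344,18 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
+G_PARAM_STATIC_NICK |
+G_PARAM_STATIC_BLURB));
++ g_object_class_install_property (gobject_class,
++ PROP_DIRECTORY_ALT,
++ g_param_spec_object ("directoryalt",
++ "DirectoryAlt",
++ "Alternative directory to load action description files from",
++ G_TYPE_FILE,
++ G_PARAM_READWRITE |
++ G_PARAM_CONSTRUCT_ONLY |
++ G_PARAM_STATIC_NAME |
++ G_PARAM_STATIC_NICK |
++ G_PARAM_STATIC_BLURB));
++
+/**
+* PolkitBackendActionPool::changed:
+* @action_pool: A #PolkitBackendActionPool.
+@@ -334,12 +382,13 @@ polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass)
+* Returns: A #PolkitBackendActionPool. Free with g_object_unref().
+**/
+PolkitBackendActionPool *
+-polkit_backend_action_pool_new (GFile *directory)
++polkit_backend_action_pool_new (GFile *directory, GFile *directory_alt)
+{
+PolkitBackendActionPool *pool;
+pool = POLKIT_BACKEND_ACTION_POOL (g_object_new (POLKIT_BACKEND_TYPE_ACTION_POOL,
+"directory", directory,
++ "directoryalt", directory_alt,
+NULL));
+return pool;
+@@ -505,12 +554,14 @@ ensure_all_files (PolkitBackendActionPool *pool)
+{
+PolkitBackendActionPoolPrivate *priv;
+GFileEnumerator *e;
++ GFileEnumerator *e_alt;
+GFileInfo *file_info;
+GError *error;
+priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool);
+e = NULL;
++ e_alt = NULL;
+if (priv->has_loaded_all_files)
+goto out;
+@@ -548,12 +599,48 @@ ensure_all_files (PolkitBackendActionPool *pool)
+} /* for all files */
++ /* TODO priority for files in /etc */
++
++ e_alt = g_file_enumerate_children (priv->directory_alt,
++ "standard::name",
++ G_FILE_QUERY_INFO_NONE,
++ NULL,
++ &error);
++ if (error != NULL)
++ {
++ g_warning ("Error enumerating files: %s", error->message);
++ goto out;
++ }
++
++ while ((file_info = g_file_enumerator_next_file (e_alt, NULL, &error)) != NULL)
++ {
++ const gchar *name;
++
++ name = g_file_info_get_name (file_info);
++ /* only consider files with the right suffix */
++ if (g_str_has_suffix (name, ".policy"))
++ {
++ GFile *file;
++
++ file = g_file_get_child (priv->directory_alt, name);
++
++ ensure_file (pool, file);
++
++ g_object_unref (file);
++ }
++
++ g_object_unref (file_info);
++
++ } /* for all files */
++
+priv->has_loaded_all_files = TRUE;
+out:
+if (e != NULL)
+g_object_unref (e);
++ if (e_alt != NULL)
++ g_object_unref (e_alt);
+}
+/* ---------------------------------------------------------------------------------------------------- */
+diff --git a/src/polkitbackend/polkitbackendactionpool.h b/src/polkitbackend/polkitbackendactionpool.h
+index e992eea..9ccb526 100644
+--- a/src/polkitbackend/polkitbackendactionpool.h
++++ b/src/polkitbackend/polkitbackendactionpool.h
+@@ -64,7 +64,7 @@ struct _PolkitBackendActionPoolClass
+};
+GType polkit_backend_action_pool_get_type (void) G_GNUC_CONST;
+-PolkitBackendActionPool *polkit_backend_action_pool_new (GFile *directory);
++PolkitBackendActionPool *polkit_backend_action_pool_new (GFile *directory, GFile *directory_alt);
+GList *polkit_backend_action_pool_get_all_actions (PolkitBackendActionPool *pool,
+const gchar *locale);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 1cfc88e..a975cac 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -292,6 +292,7 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
+{
+PolkitBackendInteractiveAuthorityPrivate *priv;
+GFile *directory;
++ GFile *directory_alt;
+GError *error;
+/* Force registering error domain */
+@@ -300,8 +301,10 @@ polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *au
+priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+directory = g_file_new_for_path (PACKAGE_DATA_DIR "/polkit-1/actions");
+- priv->action_pool = polkit_backend_action_pool_new (directory);
++ directory_alt = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/actions");
++ priv->action_pool = polkit_backend_action_pool_new (directory, directory_alt);
+g_object_unref (directory);
++ g_object_unref (directory_alt);
+g_signal_connect (priv->action_pool,
+"changed",
+(GCallback) action_pool_changed,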
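Review bot: In the `ensure_all_files` hunk, a failure to enumerate `directory_alt` jumps to `out` before `has_loaded_all_files` is set and without freeing `error`, so on a host where the /etc actions directory is missing or unreadable every call repeats the scan of the primary directory and leaks the `GError`. Because the alternative directory is optional, the failure is better logged and skipped: `g_warning (...); g_clear_error (&error);` in place of `goto out;`, with the `while` loop run only when `e_alt != NULL`. The `TODO priority for files in /etc` above that block also leaves open which definition wins when the same action id appears in both directories; these files set the default authorisation for privileged actions, so the precedence should be fixed and a duplicate logged. How `ensure_file` treats a duplicate id is outside this hunk, as is the first enumeration loop, so whether `error` is still NULL when the new call is reached should be checked as well.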


@@ -1,21 +1,17 @@
Index: polkit-127/src/polkitagent/polkitagentsession.c
===================================================================
--- polkit-127.orig/src/polkitagent/polkitagentsession.c
+++ polkit-127/src/polkitagent/polkitagentsession.c
@@ -640,7 +640,7 @@ polkit_agent_session_initiate (PolkitAge
--- a/src/polkitagent/polkitagentsession.c
+++ b/src/polkitagent/polkitagentsession.c
@@ -596,7 +596,7 @@ polkit_agent_session_initiate (PolkitAge
goto error;
}
if (session->child_stdout == -1)
{
- helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+ helper_argv[0] = PACKAGE_PREFIX "/libexec/polkit-1/polkit-agent-helper-1";
helper_argv[1] = passwd->pw_name;
helper_argv[2] = NULL;
- helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+ helper_argv[0] = PACKAGE_PREFIX "/libexec/polkit-1/polkit-agent-helper-1";
helper_argv[1] = passwd->pw_name;
helper_argv[2] = NULL;
Index: polkit-127/meson.build
===================================================================
--- polkit-127.orig/meson.build
+++ polkit-127/meson.build
@@ -29,7 +29,7 @@ pk_sysconfdir = get_option('sysconfdir')
--- a/meson.build
+++ b/meson.build
@@ -28,7 +28,7 @@ pk_sysconfdir = get_option('sysconfdir')
pk_pkgdatadir = pk_datadir / pk_api_name
pk_pkgincludedir = pk_includedir / pk_api_name
# note that this is always 'lib', not lib64 or lib/x86_64-linux-gnu


@@ -17,19 +17,19 @@ translations for the requested language.
src/polkitbackend/polkitbackendactionpool.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
Index: polkit-126/src/polkitbackend/polkitbackendactionpool.c
===================================================================
--- polkit-126.orig/src/polkitbackend/polkitbackendactionpool.c
+++ polkit-126/src/polkitbackend/polkitbackendactionpool.c
@@ -23,6 +23,7 @@
diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
index 3894fe9..9252788 100644
--- a/src/polkitbackend/polkitbackendactionpool.c
+++ b/src/polkitbackend/polkitbackendactionpool.c
@@ -24,6 +24,7 @@
#include <pwd.h>
#include <string.h>
#include <expat.h>
+#include <locale.h>
#ifdef ENABLE_GETTEXT
#include <locale.h>
@@ -1232,8 +1233,20 @@ _localize (GHashTable *translations,
#include <polkit/polkit.h>
#include <polkit/polkitprivate.h>
@@ -1132,8 +1133,20 @@ _localize (GHashTable *translations,
if (result != NULL)
goto out;
@@ -52,3 +52,6 @@ Index: polkit-126/src/polkitbackend/polkitbackendactionpool.c
out:
return result;
--
2.12.2


@@ -1,87 +1,9 @@
-------------------------------------------------------------------
Tue Jan 20 08:46:38 UTC 2026 - Marcus Meissner <meissner@suse.com>
Tue Jul 15 14:15:03 UTC 2025 - Marcus Meissner <meissner@suse.com>
- change to /var/lib/polkit-1 being tmpfiles created (jsc#PED-14794)
-------------------------------------------------------------------
Thu Jan 8 12:28:03 UTC 2026 - Marcus Meissner <meissner@suse.com>
- Updated to version 127:
- socket-activated polkit-agent-helper can now run without SETUID (Luca Boccassi)
- user id (UID) now accessible to JavaScript rules via subject.uid (Rosentti, Jan Rybar)
- INI config file support for polkitd with configurable auth expiration timer (Luca Boccassi)
- auth_keep: skip re-authentication if new process shares same UID/parent/cgroup/tty (Luca Boccassi)
- CheckAuthorization now returns 'polkit.result' in the details dict (Luca Boccassi)
- pkexec: set $SUDO_UID/$SUDO_GID for compatibility with sudo (Lennart Poettering)
- pkexec: use realpath when comparing org.freedesktop.policykit.exec.path (Walter Doekes)
- memory limits added to systemd unit to mitigate memory leaks (Alexander Meshcheryakov)
- new translations: Bulgarian (twlvnn kraftwerk), Occitan (Mejans)
- systemd-socket-activation.patch: upstream, removed
- auth_keep.patch: upstream, removed
- sudo_uid.patch: upstream, removed
- added polkitd.conf.5 manpage, added polkitd.conf
-------------------------------------------------------------------
Mon Oct 13 08:31:45 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Backport for NoNewPrivs support:
- systemd-socket-activation.patch: start agent via socket, no setuid
- Backport of patches for better run0 usability:
- auth_keep.patch: do not ask for reauth if new process shares same UID/parent/cgroup/tty
- sudo_uid.patch: also set $SUDO_UID/$SUDO_GID for compat with sudo
-------------------------------------------------------------------
Tue Sep 16 14:46:00 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Skip tests in qemu emulation
-------------------------------------------------------------------
Mon Sep 15 09:12:08 UTC 2025 - Marcus Meissner <meissner@suse.com>
- change /etc/polkit-1/rules.d group ownership back to polkitd
(bsc#1249581)
-------------------------------------------------------------------
Fri Sep 12 07:31:43 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix user generation: move sysusers_generate_pre to install
section and use the - by then installed - polkit.conf from the
sources.
-------------------------------------------------------------------
Tue Jul 15 14:30:09 UTC 2025 - Marcus Meissner <meissner@suse.com>
- Updated to version 126:
+ Highlights:
- many code fixes detected either by CI or the author himself (Frantisek Sumsal)
- shellcheck and dependabot integration (Jan Macku)
- search for rules in /usr/local/share rather than /usr/local/lib (Luca Boccassi)
- Implement LogControl1 protocol for dynamic log level changes (Luca Boccassi)
- read actions also from /etc/, /run/ and /usr/local/share/ (Luca Boccassi)
- mozjs dropped in favor of duktape (Xi Ruoyao)
- many other fixes in build system and polkit code (Many thanks to all the authors.)
- Updated to version 125:
+ Highlights:
- introduction of CodeQL and a new integration test suite (Frantisek Sumsal)
- dropped mocklibc (Frantisek Sumsal)
- syslog-style log-levels introduction (Jan Rybar)
- LogControl integration (Luca Boccassi)
- pkexec: "No session for cookie" finally fixed (huxiaodong)
- resources optimizations: only instances affected by sessions-change recalculate authorizations (Jan Rybar, thanks to Michal Sekletar and Milan Crha)
- meson tweaks (Alyssa Ross, Luca Boccassi, Michael Biebl, Michael Olbrich)
- build warnings cleanup (peelz)
- Packit service configuration for the new upstream platform (Vincent Mihalkovic)
- systemd-tmpfiles.d integration (Vincent Mihalkovic)
- other fixes and changes (Gleb Popov, heather7283, Tianyu Chen, Tobias Stoeckmann)
- internationalization: Slovenian (filmsi), Hindi (Scrambled777)
- Updated to version 124:
+ Highlights:
- PIDFDs are used if available to track processes
- pidfd parameter available for CheckAuthorization()
- systemd-sysuser enabled for polkit
- polkit-actions-in-etc.patch: done upstream in commit 9958c259f82b066f613d171d2934c1bd829e31a4
- polkit-fix-implicit.patch: not needed anymore
- revert upstream change to have /etc/polkit-1/rules.d as tempdir
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
-------------------------------------------------------------------
Wed Aug 14 12:33:37 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
@@ -96,11 +18,6 @@ Fri Jul 12 12:53:13 UTC 2024 - Martin Jambor <mjambor@suse.com>
work-around an issue in mocklibc (which has been meanwhile removed
by upstream) with exactly this kind of issue.
-------------------------------------------------------------------
Tue Jun 4 11:54:16 UTC 2024 - Marcus Meissner <meissner@suse.com>
- polkit-fix-implicit.patch: fixed implicit to make it build with gcc14.
-------------------------------------------------------------------
Fri Dec 8 22:20:51 UTC 2023 - Tobias Klausmann <tobias.klausmann@freenet.de>


@@ -1,7 +1,7 @@
#
# spec file for package polkit
#
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,20 +18,17 @@
%define _polkit_rulesdir %{_datadir}/polkit-1/rules.d
%define glib_br_version 2.30.0
# qemu emulation creates multiple threads, so unshare(CLONE_THREAD) always
# fails.
%if !0%{?qemu_user_space_build}
%define run_tests 1
%endif
Name: polkit
Version: 127
Version: 123
Release: 0
Summary: PolicyKit Authorization Framework
License: LGPL-2.1-or-later
Group: System/Libraries
URL: https://github.com/polkit-org/polkit
Source0: %{url}/archive/refs/tags/%{version}.tar.gz
URL: https://gitlab.freedesktop.org/polkit/polkit/
Source0: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2
Source3: system-user-polkitd.conf
Source4: 50-default.rules
Source99: baselibs.conf
@@ -47,6 +44,10 @@ Patch1: polkit-gettext.patch
Patch3: polkit-keyinit.patch
# PATCH-FIX-OPENSUSE polkit-adjust-libexec-path.patch -- Adjust path to polkit-agent-helper-1 (bsc#1180474)
Patch4: polkit-adjust-libexec-path.patch
# Read actions also from /etc/polkit-1/actions
Patch6: polkit-actions-in-etc.patch
# PATCH-FIX-UPSTREAM 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch meissner@ -- 1246472 VUL-0: CVE-2025-7519 polkit: XML policy file with a large number of nested elements may lead to out-of-bounds write
Patch7: 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
BuildRequires: gcc-c++
BuildRequires: gettext-devel
@@ -164,7 +165,7 @@ This package provides the GObject Introspection bindings for PolicyKit.
%global optflags %{optflags} -Wno-error=implicit-function-declaration
%meson \
-D session_tracking=logind \
-D session_tracking=libsystemd-login \
-D systemdsystemunitdir="%{_unitdir}" \
-D os_type=suse \
-D pam_module_dir="%{_pam_moduledir}" \
@@ -173,9 +174,10 @@ This package provides the GObject Introspection bindings for PolicyKit.
-D tests=true \
-D gtk_doc=true \
-D man=true \
-D js_engine=duktape \
%{nil}
%meson_build
%sysusers_generate_pre %{SOURCE3} polkit system-user-polkitd.conf
%if 0%{?run_tests}
%check
@@ -197,13 +199,16 @@ This package provides the GObject Introspection bindings for PolicyKit.
# create $HOME for polkit user
install -d %{buildroot}%{_localstatedir}/lib/polkit
install -m0644 %{SOURCE4} %{buildroot}/%{_polkit_rulesdir}/50-default.rules
rm -v %{buildroot}%{_polkit_rulesdir}/50-default.rules
install -m0644 %{SOURCE4} %{buildroot}%{_polkit_rulesdir}/50-default.rules
# Install the polkitd user creation file:
mkdir -p %{buildroot}%{_sysusersdir}
install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/
# create actions dir in /etc
mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%sysusers_generate_pre %{buildroot}%{_sysusersdir}/polkit.conf polkit polkitd.conf
%pre -f polkit.pre
%service_add_pre polkit.service
@@ -219,7 +224,6 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%post
%set_permissions %{_libexecdir}/polkit-1/polkit-agent-helper-1
%service_add_post polkit.service
%tmpfiles_create %{_tmpfilesdir}/polkit-tmpfiles.conf
%verifyscript -n pkexec
%verify_permissions -e %{_bindir}/pkexec
@@ -249,7 +253,6 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%{_mandir}/man1/pkaction.1%{?ext_man}
%{_mandir}/man1/pkcheck.1%{?ext_man}
%{_mandir}/man1/pkttyagent.1%{?ext_man}
%{_mandir}/man5/polkitd.conf.5%{?ext_man}
%{_mandir}/man8/polkitd.8%{?ext_man}
%{_mandir}/man8/polkit.8%{?ext_man}
%dir %{_datadir}/dbus-1
@@ -258,13 +261,11 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%dir %{_datadir}/dbus-1/system.d
%{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%dir %{_datadir}/polkit-1
%{_datadir}/polkit-1/polkitd.conf
%{_datadir}/polkit-1/policyconfig-1.dtd
%dir %{_datadir}/polkit-1/actions
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%attr(0555,root,root) %dir %{_polkit_rulesdir}
%{_polkit_rulesdir}/50-default.rules
%{_tmpfilesdir}/polkit-tmpfiles.conf
%{_polkit_rulesdir}/50-default.rules
%{_pam_vendordir}/polkit-1
%dir %{_sysconfdir}/polkit-1
%attr(0750,root,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d
@@ -276,11 +277,9 @@ mkdir %{buildroot}/%{_sysconfdir}/polkit-1/actions
%{_libexecdir}/polkit-1/polkitd
%verify(not mode) %attr(4755,root,root) %{_libexecdir}/polkit-1/polkit-agent-helper-1
# $HOME for polkit user
#dir %{_localstatedir}/lib/polkit
%{_sysusersdir}/polkit.conf
%dir %{_localstatedir}/lib/polkit
%{_sysusersdir}/system-user-polkitd.conf
%{_unitdir}/polkit.service
%{_unitdir}/polkit-agent-helper.socket
%{_unitdir}/polkit-agent-helper@.service
%files devel
%{_libdir}/libpolkit-agent-1.so

2
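--- a/system-user-polkitd.conf
+++ b/system-user-polkitd.conf
@@ -0,0 +1,2 @@
+#Type Name ID GECOS Home directory Shell
+u polkitd - "User for polkitd" /var/lib/polkit -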