policykit-1 123-1 source package in Ubuntu
Changelog
policykit-1 (123-1) unstable; urgency=medium
* New upstream release
* Update directory permissions to match upstream hardening
- /etc/polkit-1/rules.d: was 0700 polkitd:root, now 0750 root:polkitd
so polkitd cannot modify it
- /var/lib/polkit-1: same as /etc/polkit-1/rules.d
- /usr/share/polkit-1/rules.d: was 0700 polkitd:root, now 0755
root:root since everything in that directory comes from a package
anyway
* d/polkitd.postinst: Clean up /var/lib/polkit-1/.cache on upgrades,
now that polkitd will not re-create it (Closes: #855083)
* d/tests: Depend on polkitd instead of policykit-1
* d/tests: Rename cli test to polkitd
* d/tests: Add a test for pkexec
* d/p/debian/Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch:
Disable PrivateNetwork=yes for now. This would be good to have,
but it causes autopkgtest failures under lxc. (Mitigates: #1042880)
* d/control: Stop recommending polkitd-pkla in policykit-1.
This is a step towards removing the policykit-1 transitional package
entirely: it was included in Debian 12 and Ubuntu 22.04, so it has
served its purpose and should be removed soon.
-- Simon McVittie <email address hidden> Wed, 02 Aug 2023 12:49:21 +0100
Upload details
- Uploaded by:
- Utopia Maintenance Team
- Uploaded to:
- Sid
- Original maintainer:
- Utopia Maintenance Team
- Architectures:
- any all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | release | main | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| policykit-1_123-1.dsc | 3.4 KiB | 1da4c8fff5b87261149bd269a9374aca881170eb5e6768f920690ff3a7013262 |
| policykit-1_123.orig-polkit-pkla-compat.tar.bz2 | 368.2 KiB | 28ec66928327031c9a4155a1c901fdf223d2fb7030c58fc584a96e43af9d2783 |
| policykit-1_123.orig.tar.bz2 | 690.9 KiB | 72d9119b0aa35da871fd0660601d812c7a3d6af7e4e53e237840b71bb43d0c63 |
| policykit-1_123-1.debian.tar.xz | 45.1 KiB | 0290df89879cf5e8363a17001556f0597f5b5f6736251e9dd2dea23c8af1c086 |
Available diffs
- diff from 122-4 to 123-1 (16.0 KiB)
No changes file available.
Binary packages built by this source
- gir1.2-polkit-1.0: GObject introspection data for polkit
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains introspection data for polkit.
.
It can be used by packages using the GIRepository format to generate
dynamic bindings.
- libpolkit-agent-1-0: polkit Authentication Agent API
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains a library for accessing the authentication agent.
- libpolkit-agent-1-0-dbgsym: debug symbols for libpolkit-agent-1-0
- libpolkit-agent-1-dev: polkit Authentication Agent API - development files
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains the development files for the library found in
libpolkit-agent-1- 0.
- libpolkit-gobject-1-0: polkit Authorization API
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains a library for accessing polkit.
- libpolkit-gobject-1-0-dbgsym: debug symbols for libpolkit-gobject-1-0
- libpolkit-gobject-1-dev: polkit Authorization API - development files
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains the development files for the library found in
libpolkit-gobject- 1-0.
- pkexec: run commands as another user with polkit authorization
polkit is an application-level toolkit for defining and handling the policy
that allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
pkexec is a setuid program to allow certain users to run commands as
root or as a different user, similar to sudo. Unlike sudo, it carries
out authentication and authorization by sending a request to polkit,
so it uses desktop environments' familiar prompting mechanisms for
authentication and uses polkit policies for authorization decisions.
.
By default, members of the 'sudo' Unix group can use pkexec to run any
command after authenticating. The authorization rules can be changed by
the local system administrator.
.
If this functionality is not required, removing the pkexec package will
reduce security risk by removing a setuid program.
- pkexec-dbgsym: debug symbols for pkexec
- policykit-1: transitional package for polkitd and pkexec
polkit is an application-level toolkit for defining and handling the policy
that allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This transitional package depends on polkitd, the system service used by
polkit, and pkexec, a setuid program analogous to sudo. They were
historically packaged together, but have been separated so that users of
polkitd are not required to install pkexec.
- policykit-1-doc: documentation for polkit
polkit is a toolkit for defining and handling the policy that
allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package contains the API documentation of polkit.
- polkitd: framework for managing administrative policies and privileges
polkit is an application-level toolkit for defining and handling the policy
that allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
It is a framework for centralizing the decision making process with respect to
granting access to privileged operations for unprivileged (desktop)
applications.
.
In a typical use of polkit, an unprivileged application such as gnome-disks
sends requests via D-Bus or other inter-process communication mechanisms
to a privileged system service such as udisks, which asks polkitd for
permission to process those requests. This allows the application to carry
out privileged tasks without making use of setuid, which avoids several
common sources of security vulnerabilities.
.
This package provides the polkitd D-Bus service and supporting programs.
The pkexec program is not included, and can be found in the pkexec package.
- polkitd-dbgsym: debug symbols for polkitd
- polkitd-pkla: Legacy "local authority" (.pkla) backend for polkitd
polkit is an application-level toolkit for defining and handling the policy
that allows unprivileged processes to speak to privileged processes.
It was previously named PolicyKit.
.
This package configures the polkitd D-Bus service to read default
authorization policies from .desktop-style files in subdirectories of
/var/lib/polkit- 1/localauthorit y. It is compatible with the version of
polkitd used in Debian 11 and older releases.
- polkitd-pkla-dbgsym: debug symbols for polkitd-pkla
