Using polkit in a flatpak project
Alexander Larsson
alexl at redhat.com
Mon Aug 27 07:01:21 UTC 2018
It is not possible for a flatpak application to raise its own
privileges using policykit. Allowing an app to specify that it should
be launched with root privileges would not only be a sandbox escape,
but also a privilege escalation hole.
There is technically nothing in flatpak that disallows linking to the
polkit libraries, and there is no reason for a policykit agent to not
*work* when its inside a flatpak.
However you are not allowed to install policy kit policy or rule
files, or system-bus dbus services, which is what creates the
privilege escalation step.
On Mon, Aug 27, 2018 at 12:46 AM Guy Streeter <guy.streeter at gmail.com> wrote:
>
> I have written a GTK-based GUI application for which I would like to create a flatpak package. My application includes a privileged back-end service which is started by dbus and authenticated using PolicyKit. It is written in Python using Gobject introspection.
>
> I have not found a runtime containing the polkit libraries and executables, nor the gi.repository Polkit namespace. Before I go any further along this path: Is there a reason why polkit is missing?
>
> Is using polkit in a flatpak application something I should expect to work? If so, how should I proceed?
>
> thanks,
> --Guy
>
> _______________________________________________
> Flatpak mailing list
> Flatpak at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/flatpak
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list