Using polkit in a flatpak project
Guy Streeter
guy.streeter at gmail.com
Mon Aug 27 14:49:31 UTC 2018
It's a process management tool, and it has to perform privileged operations.
I guess it's not suitable for packaging with flatpak. I was hoping to
create a distro-agnostic package for it.
Thanks for the quick reply.
--Guy
On Mon, Aug 27, 2018 at 2:01 AM Alexander Larsson <alexl at redhat.com> wrote:
> It is not possible for a flatpak application to raise its own
> privileges using policykit. Allowing an app to specify that it should
> be launched with root privileges would not only be a sandbox escape,
> but also a privilege escalation hole.
>
> There is technically nothing in flatpak that disallows linking to the
> polkit libraries, and there is no reason for a policykit agent to not
> *work* when its inside a flatpak.
> However you are not allowed to install policy kit policy or rule
> files, or system-bus dbus services, which is what creates the
> privilege escalation step.
> On Mon, Aug 27, 2018 at 12:46 AM Guy Streeter <guy.streeter at gmail.com>
> wrote:
> >
> > I have written a GTK-based GUI application for which I would like to
> create a flatpak package. My application includes a privileged back-end
> service which is started by dbus and authenticated using PolicyKit. It is
> written in Python using Gobject introspection.
> >
> > I have not found a runtime containing the polkit libraries and
> executables, nor the gi.repository Polkit namespace. Before I go any
> further along this path: Is there a reason why polkit is missing?
> >
> > Is using polkit in a flatpak application something I should expect to
> work? If so, how should I proceed?
> >
> > thanks,
> > --Guy
> >
> > _______________________________________________
> > Flatpak mailing list
> > Flatpak at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/flatpak
>
>
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Alexander Larsson Red Hat, Inc
> alexl at redhat.com alexander.larsson at gmail.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20180827/0361df9d/attachment.html>
More information about the Flatpak
mailing list