Comment # 3 on bug 1196890 from
From the upstream README is looks like anybody should be allowed to `pkexec`
swhkd as root without entering a password like so:

   pkexec swhkd

It is practically like a sudoers rule with NOPASSWD for everybody. It's a bit
of a peculiar way to implement it via a rule file instead of a policy file.

The way it is currently installed will not work, because the name swhkd.rules
will be processed alphabetically *after*
/etc/polkit-1/rules.d/90-default-privs.rules. The latter will deny access. In
my test I renamed it to 00-swhkd.rules then it works as intended.

A closer review of the swhkd program is required to judge whether running this
daemon as root is safe. In any case it would be better to ship a policy file
that only allows local session to do that.


You are receiving this mail because: