From the upstream README is looks like anybody should be allowed to `pkexec` swhkd as root without entering a password like so: pkexec swhkd It is practically like a sudoers rule with NOPASSWD for everybody. It's a bit of a peculiar way to implement it via a rule file instead of a policy file. The way it is currently installed will not work, because the name swhkd.rules will be processed alphabetically *after* /etc/polkit-1/rules.d/90-default-privs.rules. The latter will deny access. In my test I renamed it to 00-swhkd.rules then it works as intended. A closer review of the swhkd program is required to judge whether running this daemon as root is safe. In any case it would be better to ship a policy file that only allows local session to do that.