On Fri, 03 Nov 2017 at 20:01:01 +0530, Lokesh Chakka wrote: > I am writing one GTK application where I want to run GUI as normal user and > issue one pthread with root privileges.
This is not possible[1]. POSIX requires that all threads within a process have the same uid. > I am seeing the "Authorization Success" message and "Unable to create socket". > Actually to create socket, root previliges are required. Yes. You don't have root privileges, and you need them. When you ask polkit "should I allow the user to do privileged things?", the answer only tells you what the policy is; it does not give you any privileges that you didn't already have. Instead of a single process, you need two separate processes: a GUI process that is unprivileged and has the GUI, and a service process that has root privileges, receives requests from the GUI, and asks polkit whether it should obey those requests. Typical examples include GNOME Disks (GUI) and udisks2 (service), GNOME Software (GUI) and PackageKit (service), or the equivalents of those in non-GNOME desktops (different GUI, same service). It might be useful to think about how you would implement a system that has the behaviour you thought polkit had - you'll probably come to the conclusion that you can't. Regards, smcv [1] Technically it's possible to have one thread with different credentials by bypassing pthreads/POSIX APIs and using Linux-specific syscalls; but threads share memory space, so there would be no privilege boundary between them anyway, making it a very bad idea. _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel