On Fri, 03 Nov 2017 at 20:01:01 +0530, Lokesh Chakka wrote:
> I am writing one GTK application where I want to run GUI as normal user and
> issue one pthread with root privileges.
This is not possible[1]. POSIX requires that all threads within a process
have the same uid.
> I am seeing the "Authorization Success" message and "Unable to create socket".
> Actually to create socket, root previliges are required.
Yes. You don't have root privileges, and you need them. When you ask
polkit "should I allow the user to do privileged things?", the answer
only tells you what the policy is; it does not give you any privileges
that you didn't already have.
Instead of a single process, you need two separate processes: a GUI
process that is unprivileged and has the GUI, and a service process that
has root privileges, receives requests from the GUI, and asks polkit
whether it should obey those requests.
Typical examples include GNOME Disks (GUI) and udisks2 (service), GNOME
Software (GUI) and PackageKit (service), or the equivalents of those in
non-GNOME desktops (different GUI, same service).
It might be useful to think about how you would implement a system that
has the behaviour you thought polkit had - you'll probably come to the
conclusion that you can't.
Regards,
smcv
[1] Technically it's possible to have one thread with different
credentials by bypassing pthreads/POSIX APIs and using Linux-specific
syscalls; but threads share memory space, so there would be no
privilege boundary between them anyway, making it a very bad idea.
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
