wingo pushed a commit to branch wip-pam-elogind in repository guix. commit 7b891712f144f61c451246a446dc394e257d25e2 Author: Andy Wingo <wi...@pobox.com> Date: Tue Aug 18 11:57:15 2015 +0200
gnu: Add polkit service. * gnu/services/desktop.scm (polkit-service): New function. (%desktop-services): Add polkit service.
---
 gnu/services/desktop.scm | 48 +++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 4973e82..543b452 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -30,6 +30,7 @@
 #:use-module (gnu packages gnome)
 #:use-module (gnu packages avahi)
 #:use-module (gnu packages wicd)
+ #:use-module (gnu packages polkit)
 #:use-module (guix monads)
 #:use-module (guix store)
 #:use-module (guix gexp)
@@ -40,6 +41,7 @@
 geoclue-application
 %standard-geoclue-applications
 geoclue-service
+ polkit-service
 elogind-service
 %desktop-services))
@@ -376,6 +378,40 @@ site} for more information."
 ;;;
+;;; Polkit privilege management service.
+;;;
+
+(define* (polkit-service #:key (polkit polkit))
+ "Return a service that runs the @command{polkit} privilege management
+service. By querying the @command{polkit} service, a privileged system
+component can know when it should grant additional capabilities to ordinary
+users. For example, an ordinary user can be granted the capability to suspend
+the system if the user is logged in locally."
+ (with-monad %store-monad
+ (return
+ (service
+ (documentation "Run the polkit privilege management service.")
+ (provision '(polkit-daemon))
+ (requirement '(dbus-system))
+
+ (start #~(make-forkexec-constructor
+ (list (string-append #$polkit "/lib/polkit-1/polkitd"))))
+ (stop #~(make-kill-destructor))
+
+ (user-groups (list (user-group
+ (name "polkitd")
+ (system? #t))))
+ (user-accounts (list (user-account
+ (name "polkitd")
+ (group "polkitd")
+ (system? #t)
+ (comment "Polkit daemon user")
+ (home-directory "/var/empty")
+ (shell
+ "/run/current-system/profile/sbin/nologin"))))))))
+
+
+;;;
 ;;; Elogind login and seat management service.
 ;;;
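Review bot: The `start` form in polkit-service launches polkitd with only the binary path, so the daemon is spawned with whatever identity the init system has (presumably root), and nothing in the hunk ties the process to the "polkitd" account declared just below it. If the intent is that polkitd switches to that account on its own after start-up, say so next to the constructor, e.g. `;; polkitd is started as root and is expected to drop to the "polkitd" user itself.`, so a later reader does not take the account for dead configuration or assume the daemon keeps full privileges. The hunk also sets up no setuid copy of polkit's authentication helper and no PAM service for it; unless another commit on this branch does that, actions that need a password would presumably be refused rather than prompted, and the docstring should say which authorizations are expected to work today.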
@@ -407,14 +443,16 @@ when they log out."
 (avahi-service)
 (wicd-service)
 (upower-service)
- ;; FIXME: The colord and geoclue services could all be bus-activated
- ;; by default, so they don't run at program startup. However, user
- ;; creation and /var/lib.colord creation happen at service activation
- ;; time, so we currently add them to the set of default services.
+ ;; FIXME: The colord, geoclue, and polkit services could all be
+ ;; bus-activated by default, so they don't run at program startup.
+ ;; However, user creation and /var/lib/colord creation happen at
+ ;; service activation time, so we currently add them to the set of
+ ;; default services.
 (colord-service)
 (geoclue-service)
+ (polkit-service)
 (elogind-service)
- (dbus-service (list avahi wicd upower colord geoclue elogind))
+ (dbus-service (list avahi wicd upower colord geoclue polkit elogind))
 (ntp-service)