Using pkexec policy to run out of /opt/
- by liberavia
I still try to make it possible to run my app with root priveleges. Therefore I created two policies to run the application via pkexec (one for /usr/bin and one for /opt/extras... ) and added them to the setup.py:
data_files=[('/usr/share/polkit-1/actions', ['data/com.ubuntu.pkexec.armorforge.policy']),
('/usr/share/polkit-1/actions', ['data/com.ubuntu.extras.pkexec.armorforge.policy']),
('/usr/bin/', ['data/armorforge-pkexec'])]
)
additionally I added a startscript which uses pkexec for starting the application. It distinguishes between the two places and is used in the Exec-Statement of the desktopfile:
#!/bin/sh
if [ -f /opt/extras.ubuntu.com/armorforge/bin/armorforge ]; then
pkexec "/opt/extras.ubuntu.com/armorforge/bin/armorforge" "$@"
else
pkexec `which armorforge` "$@"
fi
If I simply do a
quickly package
everything will work right. But if I package with extras option:
quickly package --extras
the Exec-statement will be exchanged. Even if I try to simulate the pkexec call via
armorforge-pkexec
It will aks for a password and then returns this:
andre@andre-desktop:~/Entwicklung/Ubuntu/armorforge$ armorforge-pkexec
(armorforge:10108): GLib-GIO-ERROR **: Settings schema 'org.gnome.desktop.interface' is not installed
Trace/breakpoint trap (core dumped)
So ok, I could not trick the opt-thing. How can I make sure, that my Application will run with root priveleges out of opt.
I copied the way of using pkexec from synaptic. My application is for communicating with apparmor which currently has no dbus interface. Else I need to write into /etc/apparmor.d-folder.
How should I deal with the opt-build which, as far as I understand, is required to submit my application to the ubuntu software center.
Thanks for any hints and/or links :-)
