[LinuxBender]

Has anyone found a clean way to remove polkit once installed without breaking systemd? On Redhat at least, you have to kickstart the machine without anything that pulls it in. It can't be "disabled" without breaking things and udev will trigger it regardless of the unit file state.

[LinuxBender]

Nobody on serverfault could find a way either. Most of my stuff is Alpine Linux (non-systemd) so not a big issue. At work, we have a lot of CentOS and I just advise folks to keep their kickstart minimal to avoid pulling in polkit.

[JdeBP]

You will have the problem whether or not your system has systemd. It exists in PolicyKit on FreeBSD, for example.

    # setuidgid sint32maxp1 id
    uid=2147483648(sint32maxp1) gid=2147483648 groups=2147483648
    # setuidgid sint32maxp1 pkexec id

    (process:99600): GLib-GObject-WARNING **: value "-2147483648" of type 'gint' is invalid or out of range for property 'uid' of type 'gint'
    uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
    #

[LinuxBender]

True, but on systems without systemd, I have never seen PolicyKit get installed without explicitly requesting it. On systems with systemd, there are many packages that cause it to get pulled in. Mostly desktop packages, but there are some used on both server and desktop that pollute servers with desktop behavior now, due to the integration in systemd.

[LinuxBender]

FWIW, it looks like Redhat actually fixed the rpm dependencies and you can remove polkit without breaking systemd now.