PolicyKit is an application framework that acts as a negotiator between the
unprivileged user session and the privileged system context. Whenever a
process from the user session tries to carry out an action in the system
context, PolicyKit is queried. Based on its configuration—specified in a
so-called policy
—the answer could be
yes
, no
, or needs
authentication. Unlike classical privilege authorization
programs such as sudo, PolicyKit does not grant root permissions to an
entire process, following the least privilege
concept.