Comment 3 for bug 1642669

Suggestion from security team to unblock this

the simplest path forward for you is to create a unity8-policykit interface that launches the dbus system service and ships all the pk policy you want to use. then the pk agent talks to that. longer term, that could be broken out into a policykit snap and interfaces would add the policykit policy via the policykit backend-- that is tricky though-- we don't have a way for snaps to ship backends or conditionally depend on backends

you ship pk and all the policy for what unity8 needs yourself which should unblock you. this would include network-manager pk policy though, which is not the right place for it. the network-manager interface should have the pk policy encoded in it like it does the dbus policy, etc

I don't like the bundling of polkitd but I also don't see any other immediate way forward