Description of problem: The shipped polkit policy is completely desktop-centric and expects that the admin user is logged in an active local session (ie: a seat in logind parlance, with a monitor and keyboard). This prevents DBus API use when logged in via ssh (and using pkttyagent as your polkit agent) or via Cockpit. The <allow_any> tag in polkit policy applies to non-local sessions. It should be set to something other than 'no' unless the action directly affects hardware of the login seat. Version-Release number of selected component (if applicable): policycoreutils-gui-2.2.5-3.fc20.x86_64
Created attachment 892453 [details] Patch to fix org.selinux.policy
No upstream patch, upstream git repo was hanging ... but I hope attaching the patch here helps.
Thx. Do you use policycoreutils with this patch?
No (at least not yet). I've tried to find all the relevant instances where polkit policy would prevent server use for no good reason, and help provide patches. I haven't run with this patch.
I have added this fix in policycoreutils-2.3-1.fc21
policycoreutils-2.2.5-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/policycoreutils-2.2.5-4.fc20
Package policycoreutils-2.2.5-4.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.2.5-4.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-2.2.5-4.fc20 then log in and leave karma (feedback).
policycoreutils-2.2.5-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.