Description of problem:
Use of at_console="true" in the DBus policy file makes policycoreutils hard to use on servers, where users are logged in via ssh, or via Cockpit, but not at a console.
at_console="true" is a real old relic, that was never really implemented. Modern services should be using polkit.
For example, NetworkManager moved away from it for the same reasons (want to be usable on servers): bug #979416
Version-Release number of selected component (if applicable):
system.d/org.selinux.conf: <policy at_console="true">
What do I replace it with. just allow any one to get the access?
Usually yes. Unless your service has a special need to differentiate console users from other users ... in which case you would put that into your polkit policy (see <allow_inactive> and <allow_active>).
It goes without saying that you should usually treat privileged callers (ie: root and admins) differently from unprivileged callers. But unless you're managing hardware or seat specific resources that has nothing to do with whether they're at a console or not.
Fixed in policycoreutils-2.2.5-4.fc20
policycoreutils-2.2.5-4.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.2.5-4.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
policycoreutils-2.2.5-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.