Description of problem: It seems that polkit fails to load rules from /etc/polkit-1/rules.d. I've created the following file for libvirt permissions ("tn" is my username), polkit.addRule(function(action, subject) { if (subject.user == "tn" && action.id == "org.libvirt.unix.manage") return polkit.Result.YES; }); restarted polkit and I was still prompted for password by virt-manager. Meanwhile, this was logged by polkit: # systemctl status polkit -l ● polkit.service - Authorization Manager Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled) Active: active (running) since Ne 2015-12-06 23:08:32 CET; 4min 45s ago [...SNIP...] pro 06 23:08:32 kyou polkitd[27310]: Started polkitd version 0.113 pro 06 23:08:32 kyou polkitd[27310]: Loading rules from directory /etc/polkit-1/rules.d pro 06 23:08:32 kyou polkitd[27310]: Error opening rules directory: Error opening directory '/etc/polkit-1/rules.d': Permission denied (g-file-error-quark, 2) pro 06 23:08:32 kyou polkitd[27310]: Loading rules from directory /usr/share/polkit-1/rules.d pro 06 23:08:32 kyou polkitd[27310]: Finished loading, compiling and executing 2 rules [...SNIP...] # ls -ldZ /etc/polkit-1/rules.d drwx------. 1 root root system_u:object_r:etc_t:s0 144 6. pro 23.08 /etc/polkit-1/rules.d # ps -efZ|grep polkit system_u:system_r:policykit_t:s0 polkitd 27310 1 0 23:08 ? 00:00:00 /usr/lib/polkit-1/polkitd --no-debug There wasn't any SELinux AVC alert. Note that afterwards I found that rules for libvirt are actually in /usr/share/polkit-1/rules.d/50-libvirt.rules so I'm just going to add myself into libvirt group. But this seems like a bug nevertheless. Version-Release number of selected component (if applicable): polkit-0.113-4.fc23.x86_64
Thanks for your report. Can you reproduce it on a fresh install? The permissions are supposed to be > drwx------. polkitd root system_u:object_r:etc_t:s0 so either the package is not being installed properly, or the ownership was changed by your editing process. If the permissions are correct on a fresh install, but you can reproducibly change them by the the tool you used to create the new file, that might be also a bug worth fixing, in that tool.
Hello. Sorry, this was probably my fault during migration of /etc from old installation. After `dnf reinstall polkit` the permissions appear to be as you wrote. (I actually tried to reinstall it before but for some reason I didn't notice it's fine. I was probably looking at /etc/polkit-1.)