Currently, at_console="true" matches users on a physically local console, and programs like gnome-volume-manager, gnome-power-manager etc. make heavy use of it. While this is a good concept for things like avahi, where resources do not compete with each other, it is not sufficient for nm-applet or gnome-volume-manager, where concurrent accesses from multiple users do compete. Therefore, in Ubuntu we added patches to gnome-volume-manager, gnome-power-manager, etc. to not issue dbus calls if their console is not the currently active one (in the foreground). Thus, if two people are logged into the box (user switching), this avoids the race condition 'who will get ownership of the plugged in USB stick' or 'inactive user's gpm issues a suspend, and the active user gets totally surprised by that'. However, checking for this in the particular apps is not only tedious, but also wrong from a security perspective; the dbus calls will still work. To solve this cleanly, I propose a new policy type at_console="foreground", or foreground_console="yes", or similar.
Created attachment 8089: broken attempt to implement this

In Ubuntu we experimented with a patch that uses libpam-foreground to implement this policy (unfortunately we didn't rename the option, but kept it as at_console, since by that time we did not have a use case for upstream's semantics; now with avahi we do). Unfortunately it does not work because dbus resolves the policy statically, so changes of the foreground console are not respected. But maybe it has some bits you can recycle.
Upstream GNOME is working with PolicyKit to correctly resolve multi user policy. I suspect we will deprecate at_console for this method of access control.