login: allow non-console sessions to change vt

When starting a wayland session through a systemd service for a non-root
user, the compositor (based on wlroots) is denied the authorization to
change vt.
Once the user logs in, either through a local console or via ssh, the
compositor can work properly.

This is related to the login polkit policy:
- `allow_inactive` has value `auth_admin_keep`, denying any non-root
  user session the authorization to change vt
- `allow_active` has value `yes`, which explains why the vt change
  becomes possible once the user logs in through another channel

By changing the `allow_inactive` value to `yes`, any user session setup
in a service file can switch vt, allowing wayland sessions for non-root
users.

diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy
index b726634cbf38b11f75643c9afaed4af62b849c77..1b6d85e5f9fb7c33acf5c377f5776d8a3940fc09 100644 (file)
--- a/src/login/org.freedesktop.login1.policy
+++ b/src/login/org.freedesktop.login1.policy
@@ -396,7 +396,7 @@
                 <message gettext-domain="systemd">Authentication is required to change the virtual terminal.</message>
                 <defaults>
                         <allow_any>auth_admin_keep</allow_any>
-                        <allow_inactive>auth_admin_keep</allow_inactive>
+                        <allow_inactive>yes</allow_inactive>
                         <allow_active>yes</allow_active>
                 </defaults>
         </action>