`polkit-126-6.fc43` fails “to authenticate to gain authorization for action” when `org.kde.polkit-kde-authentication-agent-1` is visible.

[RokeJulianLockhart]

What The Problem Is

When I leave kcm_device_automounter’s-spawned org.kde.polkit-kde-authentication-agent-1 window open, I observe an authorisation failure:

1. #!/usr/bin/env sh
   journalctl -f -t polkitd

2. Jan 15 13:20:34 Beedell.RokeJulianLockhart.desktop.SSV2AY polkitd[1110]: Started polkitd version 126
   Jan 15 13:20:42 Beedell.RokeJulianLockhart.desktop.SSV2AY polkitd[1110]: Operator of unix-session:1 FAILED to authenticate to gain authorization for action org.freedesktop.udisks2.filesystem-mount-system for system-bus-name::1.55 [/usr/bin/kded6] (owned by unix-user:RokeJulianLockhart)

This causes subsequent PolKit-dependent command invocations to fail:

Jan 15 11:47:34 Beedell.RokeJulianLockhart.desktop.SSV2AY polkitd[1110]: Operator of unix-session:1 FAILED to authenticate to gain authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.481 [run0] (owned by unix-user:RokeJulianLockhart)
Jan 15 11:58:05 Beedell.RokeJulianLockhart.desktop.SSV2AY polkitd[1110]: Operator of unix-session:4 FAILED to authenticate to gain authorization for action org.freedesktop.policykit.exec for unix-process:35880:222290 [/bin/bash] (owned by unix-user:RokeJulianLockhart)

To the user, this manifests as:

RokeJulianLockhart@Beedell:~$ pkexec
Error executing command as another user: Not authorized

This incident has been reported.
RokeJulianLockhart@Beedell:~$ run0
Failed to start transient service unit: Access denied

…until I kdotool windowclose $(kdotool getactivewindow), on it:

@.Date.20260115T132541+0000.Type.Video.Origin.webm

How To Reproduce It

1. 1. #!/usr/bin/env sh
      kcmshell6 kcm_device_automounter --highlight

   2. 

2. #!/usr/bin/env sh
   qdbus-qt6 org.kde.Shutdown /Shutdown org.kde.Shutdown.logout && \
   startplasma-wayland

3. 1. Alt + F2 (krunner)

   2. #!/usr/bin/env sh
      konsole -c 'sh -c journalctl -f -t polkitd' &
      konsole -c 'sh -c pkexec'

Expected Behaviour

The window being open shouldn't prevent basic authentication processes from functioning.

However, if remediating that problem is insurmountable, the consequence of leaving the window open should be made obvious. That would be KDE's purview, but would require triage here to incentivise them.

Screenshots

When I am allowed to authenticate these, I observe:

^{1 2}

My Environment

• OS

  1. #!/usr/bin/env sh
     cat /etc/os-release | jc --ini | jq 'with_entries(.value |= (if type=="string" and test("^[0-9]+$") then tonumber else . end))| {VARIANT, NAME, VERSION_ID}' | yq -P

  2. NAME: Fedora Linux
     VERSION_ID: 43
     VARIANT: KDE Plasma Desktop Edition

• DE

  1. #!/usr/bin/env sh
     kinfo | yq -P

  2. KDE Plasma Version: 6.5.4
     KDE Frameworks Version: 6.22.0
     Qt Version: 6.10.1

• PolKit

  1. #!/usr/bin/env sh
     rpm -qi polkit

  2. Version     : 126
     Release     : 6.fc43
     Architecture: x86_64
     Install Date: Thu 30 Oct 2025 20:49:10 GMT
     Size        : 470985
     Signature   :
                   RSA/SHA256, Sat 26 Jul 2025 23:34:57 BST, Key ID 829b606631645531
     Source RPM  : polkit-126-6.fc43.src.rpm
     Build Date  : Fri 25 Jul 2025 20:01:23 BST
     Build Host  : buildvm-x86-24.rdu3.fedoraproject.org
     Packager    : Fedora Project
     Vendor      : Fedora Project
     Bug URL     : https://bugz.fedoraproject.org/polkit

Additional Context

This was originally reported to discussion.fedoraproject.org/t/177866/37.

Footnotes

1. bugs.kde.org/attachment.cgi?id=185336 ↩

2. bugs.kde.org/attachment.cgi?id=186855 ↩