Comment 12 for bug 37181

Currently, at_console="true" matches users on a physically local console, and
programs like gnome-volume-manager, gnome-power-manager etc. make heavy use of it.

While this is a good concept for things like avahi, where resources do not
compete on each other, it is not sufficient for nm-applet or
gnome-volume-manager, where concurrent access from multiple users do compete.

Therefore, in Ubuntu we added patches to gnome-volume-manager,
gnome-power-manager, etc. to not issue dbus calls if their console is not the
currently active one (on the foreground). Thus, if two people are logged into
the box (user switching), this avoids the race condition 'who will get ownership
of the plugged in USB stick' or 'inactive user's gpm issues a suspend, and the
active user gets totally surprised by that'.

However, checking for this in the particular apps is not only tedious, but also
wrong from a security perspective; the dbus calls will still work.

To solve this cleanly, I propose a new policy type at_console="foreground", or
foreground_console="yes", or similar.