Created attachment 991158 [details] an output from sealert Description of problem: After an upgrade from F20 to F21 the following shows up in logs: setroubleshoot: Plugin Exception restorecon_source setroubleshoot: SELinux is preventing /usr/bin/systemctl from using the sys_resource capability. For complete SELinux messages. run sealert -l 45fe5a2c-7d1f-4c4a-8c52-cb5c35b58fcd python: SELinux is preventing /usr/bin/systemctl from using the sys_resource capability. That is followed by "*** Plugin sys_resource (91.4 confidence) suggests ***" and the longwinded writeup (in logs!!!) which ends up with "Do fix the cause of the SYS_RESOURCE on your system" albeit not exactly how. See below for more. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-105.1.fc21 How reproducible: Hm ... this is a freshly updated system. Additional info: An output from sealert attached. A suggested there 'audit2allow' command produces .te file like this: module mypol 1.0; require { type prelink_cron_system_t; class capability sys_resource; class process setrlimit; } #============= prelink_cron_system_t ============== allow prelink_cron_system_t self:capability sys_resource; allow prelink_cron_system_t self:process setrlimit;
I think this bug is a dupe of #1184712
*** This bug has been marked as a duplicate of bug 1184712 ***