Created attachment 991158 [details]
an output from sealert

Description of problem:

After an upgrade from F20 to F21 the following shows up in logs:

setroubleshoot: Plugin Exception restorecon_source
setroubleshoot: SELinux is preventing /usr/bin/systemctl from using the sys_resource capability. For complete SELinux messages. run sealert -l 45fe5a2c-7d1f-4c4a-8c52-cb5c35b58fcd
python: SELinux is preventing /usr/bin/systemctl from using the sys_resource capability.

That is followed by "***  Plugin sys_resource (91.4 confidence) suggests   ***" and the longwinded writeup (in logs!!!) which ends up with "Do fix the cause of the SYS_RESOURCE on your system" albeit not exactly how.  See below for more.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-105.1.fc21

How reproducible:
Hm ...  this is a freshly updated system.

Additional info:
An output from sealert attached.  A suggested there 'audit2allow' command produces .te file like this:

module mypol 1.0;

require {
	type prelink_cron_system_t;
	class capability sys_resource;
	class process setrlimit;
}

#============= prelink_cron_system_t ==============
allow prelink_cron_system_t self:capability sys_resource;
allow prelink_cron_system_t self:process setrlimit;