Summary: SELinux is preventing qemu-kvm (svirt_t) "setrlimit" svirt_t. Detailed Description: SELinux denied access requested by qemu-kvm. It is not expected that this access is required by qemu-kvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:svirt_t:s0:c269,c551 Target Context system_u:system_r:svirt_t:s0:c269,c551 Target Objects None [ process ] Source qemu-kvm Source Path /usr/bin/qemu-kvm Port <Unknown> Host localhost Source RPM Packages qemu-system-x86-0.10.6-5.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-82.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name dhcp-64.hsv.redhat.com Platform Linux dhcp-64.hsv.redhat.com 2.6.30.5-43.fc11.x86_64 #1 SMP Thu Aug 27 21:39:52 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Thu 24 Sep 2009 04:39:13 PM CDT Last Seen Thu 24 Sep 2009 04:39:13 PM CDT Local ID 51f6ce79-0eb0-45be-b246-eb32cc45d492 Line Numbers Raw Audit Messages node=localhost type=AVC msg=audit(1253828353.242:74): avc: denied { setrlimit } for pid=12976 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c269,c551 tcontext=system_u:system_r:svirt_t:s0:c269,c551 tclass=process node=localhost type=SYSCALL msg=audit(1253828353.242:74): arch=c000003e syscall=160 success=no exit=-13 a0=4 a1=7fff810ae0d0 a2=0 a3=3d6a017220 items=0 ppid=12972 pid=12976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c269,c551 key=(null)
I'm pretty sure this is a dup of bug #515521 and you just need latest selinux-policy and the /dev/pts line /etc/fstab changed to be: devpts /dev/pts devpts gid=5,mode=620 0 0 *** This bug has been marked as a duplicate of bug 515521 ***