Description of problem: After suspend/resume on my ThinkPad T60p, the sealert tray icon is active and the setroubleshoot browser presents a fairly sizable number of messages relating to /sbin/killall5 being unable to access (kill, I assume) processes during the suspend procedure. The particular function calls seem to mostly ptrace and sys_ptrace. I'm using enforcing mode, and the system doesn't seem to be adversely affected AFAICT. Version-Release number of selected component (if applicable): 2.4.6-37.fc6 How reproducible: Every time. Steps to Reproduce: 1. Close lid of laptop to initiate suspend. 2. Wait, then open and resume. 3. Observe sealert icon and read setroubleshoot browser. Actual results: Audit log (attached). Expected results: Fewer or no such messages? Additional info: I stripped out messages generated by my use of ipw3945, which can be safely ignored if there are any I missed.
Created attachment 148320 [details] Audit log showing AVC messages on suspend/resume
Should be fixed in selinux-policy-2.4.6-42.fc6
Moving modified bugs to closed