Red Hat Bugzilla – Bug 229195
killall5 (hald_t) generates audit messages during laptop suspend
Last modified: 2007-11-30 17:11:57 EST
Description of problem:
After suspend/resume on my ThinkPad T60p, the sealert tray icon is active and
the setroubleshoot browser presents a fairly sizable number of messages relating
to /sbin/killall5 being unable to access (kill, I assume) processes during the
suspend procedure. The particular function calls seem to mostly ptrace and
sys_ptrace. I'm using enforcing mode, and the system doesn't seem to be
adversely affected AFAICT.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Close lid of laptop to initiate suspend.
2. Wait, then open and resume.
3. Observe sealert icon and read setroubleshoot browser.
Audit log (attached).
Fewer or no such messages?
I stripped out messages generated by my use of ipw3945, which can be safely
ignored if there are any I missed.
Created attachment 148320 [details]
Audit log showing AVC messages on suspend/resume
Should be fixed in selinux-policy-2.4.6-42.fc6
Moving modified bugs to closed