Description of problem:
I'm seeing an avc denial of grub writing to /var/log/pm-suspend.log when resuming from hibernate.

avc: denied { getattr } for comm="01grub" dev=sda1 egid=0 euid=0 exe="/bin/bash" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="vmlinuz-2.6.20-1.3056.fc7" path="/boot/vmlinuz-2.6.20-1.3056.fc7" pid=9742 scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0 suid=0 tclass=file tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0

avc: denied { read } for comm="grubby" dev=sda1 egid=0 euid=0 exe="/sbin/grubby" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="grub.conf" pid=9747 scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0 suid=0 tclass=file tcontext=user_u:object_r:file_t:s0 tty=(none) uid=0

avc: denied { write } for comm="grub" dev=sda3 egid=0 euid=0 exe="/sbin/grub" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="pm-suspend.log" path="/var/log/pm-suspend.log" pid=9752 scontext=system_u:system_r:bootloader_t:s0 sgid=0 subj=system_u:system_r:bootloader_t:s0 suid=0 tclass=file tcontext=system_u:object_r:hald_log_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):
grub-0.97-13.i386
selinux-policy-targeted-2.5.12-1.fc7.noarch
Looks like you have some labeling problems on /boot and grub.conf since they are labeled default_t and unlabeled (file_t). I will update selinux policy to allow bootloader to use pm-suspend.log.

Fixed in selinux-policy-2.5.12-3.
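The reply above separates denials caused by mislabeled files from the one that needs a policy change. The following Python script is an added example, not part of the bug thread or of selinux-policy: it parses the three AVC records from the report (trimmed to the fields it reads) and sorts them the same way. The function names and the GENERIC_TYPES set (including unlabeled_t, which the thread does not mention) are assumptions made for this example.

```python
import re

# AVC records from the report above, trimmed to the fields this script reads.
REPORT_AVCS = [
    'avc: denied { getattr } for comm="01grub" path="/boot/vmlinuz-2.6.20-1.3056.fc7" '
    'scontext=system_u:system_r:hald_t:s0 tclass=file tcontext=system_u:object_r:default_t:s0',
    'avc: denied { read } for comm="grubby" name="grub.conf" '
    'scontext=system_u:system_r:hald_t:s0 tclass=file tcontext=user_u:object_r:file_t:s0',
    'avc: denied { write } for comm="grub" path="/var/log/pm-suspend.log" '
    'scontext=system_u:system_r:bootloader_t:s0 tclass=file tcontext=system_u:object_r:hald_log_t:s0',
]

# Types that mean "no specific label was applied" (assumption: enough for triage).
GENERIC_TYPES = {"default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the denial's permissions and key=value fields, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def selinux_type(context):
    """Extract the type from a user:role:type[:level] context string."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def triage(line):
    """Classify a denial as a labeling problem ("relabel") or a policy question."""
    avc = parse_avc(line)
    if avc is None or "scontext" not in avc or "tcontext" not in avc:
        return None
    target = selinux_type(avc["tcontext"])
    verdict = "relabel" if target in GENERIC_TYPES else "policy"
    obj = avc.get("path") or avc.get("name")
    return (verdict, selinux_type(avc["scontext"]), target, avc["perms"], obj)


if __name__ == "__main__":
    for record in REPORT_AVCS:
        print(triage(record))
```

Records classed as "relabel" are normally resolved by restoring the file contexts (for example with restorecon on /boot) rather than by adding allow rules for default_t or file_t.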
Should be fixed in the current release.