From Debian package 0.2.20100524-4 * Remove mcskillall and mcsptraceall from unconfined_t, the sysadmin should have unconfined_t:SystemLow-SystemHigh. Index: policy/modules/system/unconfined.te =================================================================== --- policy/modules/system/unconfined.te.orig +++ policy/modules/system/unconfined.te @@ -39,9 +39,6 @@ files_create_boot_flag(unconfined_t) -mcs_killall(unconfined_t) -mcs_ptrace_all(unconfined_t) - allow unconfined_r system_r; init_run_daemon(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
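Review bot: In the `@@ -39,9 +39,6 @@` hunk of policy/modules/system/unconfined.te, the removal of `mcs_killall(unconfined_t)` and `mcs_ptrace_all(unconfined_t)` leaves nothing in the policy file recording that unconfined_t now depends on its MCS range to signal or ptrace processes in other categories. The changelog's assumption that the sysadmin runs as unconfined_t:SystemLow-SystemHigh is not enforced or checked anywhere in these lines, so an unconfined login mapped to a narrower range would lose the ability to kill or trace categorised processes without any hint as to why. Suggest adding a short comment where the two lines were removed stating the range requirement, and confirming separately that the default login mapping for administrators grants SystemLow-SystemHigh.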