On the call Monday, I said I would test on an lspp.12 kernel. I ran our
CAPP audit test suite on an x86_64 installed with FC5-t3 and the lspp.12
kernel. Audit version 1.1.5. Below are my results:
- All syscall tests passed with no problems
- Object identity (watch) tests (and any other tests that use watches)
all failed due to inability to insert watches. I get the following:

    Error sending watch insert request (Invalid argument)
    add_audit_rule failed - auditctl_comm [auditctl -w /tmp/lafa0qlNM -k file-basic-key ] returned 255

- Saw some failures in filters tests due to the change in the message for
adding/removing audit rules in the CONFIG_CHANGE type records. It used
to be "added/removed an audit rule" and now it is "add/remove rule
to/from list=X"... Is there a reason we changed the message?
- Saw some failures in trusted programs due to the missing
msg='SomeString' (e.g. gpasswd, password, chage, etc.) field from the
audit record in some instances. Our test cases check for that string and
fail if it's not found... Is there a reason this was removed?
- Loulwa