In our LSPP concall on Monday I said I'd give our audit tests a try
on the latest kernel. I ran our CAPP audit test suite on an ia32
box installed with FC5T2, the lspp.10 kernel, the 1.1.4 audit tools
and the MLS policy in permissive mode. This is what I got:
fchmod, fchown, fchown32 tests failed to run because the test cases
got errors trying to insert a watch.

    /sbin/auditctl -w /tmp/audit_testPZbtbq -k _tmp_audit_testPZbtbq
    Error sending watch insert request (Invalid argument)

Not sure if this is a kernel/user-space compatibility problem or
we just don't have all the new code in yet.
The negative test cases for our msgctl-set and semctl-set tests failed
because they didn't see the right audit records. These tests
attempt to remove a message queue or semaphore set with
insufficient permissions. Our tests are looking for an IPC record
whether the syscall fails or succeeds and I only got one on the success
case.
Our tests for successful mounts and symlinks failed but I believe it's
because I got AVC denied messages and that goofed up the way the tests
look for the right fields in the audit records.
The *xattr tests failed to build so I haven't run those yet.
I'll look at the *xattr tests next and also try to set up an x86_64 box.
All in all though, not too bad.
-- ljk
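
The check described above for the msgctl-set and semctl-set cases (an IPC record expected on both the success and the failure path), sketched as an added example that is not part of the original message or of the test suite it describes. The log lines, the comm value and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit log line format (not captured output).
# Event 101: the call succeeds and carries an IPC record.
# Event 102: the call fails (exit=-1) and carries no IPC record, which is
# the situation the message reports.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1139000000.101:101): arch=40000003 syscall=117 success=yes exit=0 pid=4242 uid=0 comm="msgctl_test"
type=IPC msg=audit(1139000000.101:101): qbytes=0 iuid=0 igid=0 mode=600
type=SYSCALL msg=audit(1139000000.202:102): arch=40000003 syscall=117 success=no exit=-1 pid=4243 uid=500 comm="msgctl_test"
"""

# Record header: type, then timestamp and event serial inside msg=audit(...).
HEADER = re.compile(r"^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$")


def parse_events(log_text):
    """Group records by audit event serial: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        rtype, serial, body = m.groups()
        fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
        events[int(serial)][rtype] = fields
    return dict(events)


def ipc_record_coverage(log_text):
    """Return, per syscall outcome, the event serials that lack an IPC record."""
    missing = {"yes": [], "no": []}
    for serial, records in sorted(parse_events(log_text).items()):
        syscall = records.get("SYSCALL")
        if syscall is None:
            continue  # only events that include a SYSCALL record are checked
        outcome = syscall.get("success")
        if outcome in missing and "IPC" not in records:
            missing[outcome].append(serial)
    return missing


if __name__ == "__main__":
    print(ipc_record_coverage(SAMPLE_LOG))
```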