svn commit: r335679 - head/tests/sys/audit

Tue Jun 26 20:26:58 UTC 2018

Author: asomers
Date: Tue Jun 26 20:26:57 2018
New Revision: 335679
URL: https://svnweb.freebsd.org/changeset/base/335679

Log:
  audit(4): add tests for the process-control audit class
  
  Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
  getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
  setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
  profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
  seteuid(2), and setegid(2).  The last six are only tested in the success
  case, either because they're infalliable or a failure is difficult to cause
  on-demand.
  
  Submitted by:	aniketp
  MFC after:	2 weeks
  Sponsored by:	Google, Inc. (GSoC 2018)
  Differential Revision:	https://reviews.freebsd.org/D15966

Added:
  head/tests/sys/audit/process-control.c   (contents, props changed)
Modified:
  head/tests/sys/audit/Makefile

Modified: head/tests/sys/audit/Makefile
==============================================================================

--- head/tests/sys/audit/Makefile	Tue Jun 26 19:57:47 2018	(r335678)
+++ head/tests/sys/audit/Makefile	Tue Jun 26 20:26:57 2018	(r335679)
@@ -14,6 +14,7 @@ ATF_TESTS_C+=	ioctl
 ATF_TESTS_C+=	network
 ATF_TESTS_C+=	inter-process
 ATF_TESTS_C+=	administrative
+ATF_TESTS_C+=	process-control
 
 SRCS.file-attribute-access+=	file-attribute-access.c
 SRCS.file-attribute-access+=	utils.c
@@ -39,6 +40,8 @@ SRCS.inter-process+=		inter-process.c
 SRCS.inter-process+=		utils.c
 SRCS.administrative+=		administrative.c
 SRCS.administrative+=		utils.c
+SRCS.process-control+=		process-control.c
+SRCS.process-control+=		utils.c
 
 TEST_METADATA+= timeout="30"
 TEST_METADATA+= required_user="root"

Added: head/tests/sys/audit/process-control.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/audit/process-control.c	Tue Jun 26 20:26:57 2018	(r335679)
@@ -0,0 +1,1265 @@
+/*-
+ * Copyright (c) 2018 Aniket Pandey
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/uio.h>
+#include <sys/ktrace.h>
+#include <sys/mman.h>
+#include <sys/ptrace.h>
+#include <sys/resource.h>
+#include <sys/rtprio.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+
+#include <atf-c.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+static pid_t pid;
+static int filedesc, status;
+static struct pollfd fds[1];
+static char pcregex[80];
+static const char *auclass = "pc";
+
+
+ATF_TC_WITH_CLEANUP(fork_success);
+ATF_TC_HEAD(fork_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fork(2) call");
+}
+
+ATF_TC_BODY(fork_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Check if fork(2) succeded. If so, exit from the child process */
+	ATF_REQUIRE((pid = fork()) != -1);
+	if (pid)
+		check_audit(fds, pcregex, pipefd);
+	else
+		_exit(0);
+
+}
+
+ATF_TC_CLEANUP(fork_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * No fork(2) in failure mode since possibilities for failure are only when
+ * user is not privileged or when the number of processes exceed KERN_MAXPROC.
+ */
+
+
+ATF_TC_WITH_CLEANUP(rfork_success);
+ATF_TC_HEAD(rfork_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"rfork(2) call");
+}
+
+ATF_TC_BODY(rfork_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
+	if (pid)
+		check_audit(fds, pcregex, pipefd);
+	else
+		_exit(0);
+
+}
+
+ATF_TC_CLEANUP(rfork_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(rfork_failure);
+ATF_TC_HEAD(rfork_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"rfork(2) call");
+}
+
+ATF_TC_BODY(rfork_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid argument */
+	ATF_REQUIRE_EQ(-1, rfork(-1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(rfork_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chdir_success);
+ATF_TC_HEAD(chdir_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"chdir(2) call");
+}
+
+ATF_TC_BODY(chdir_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, chdir("/"));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chdir_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chdir_failure);
+ATF_TC_HEAD(chdir_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"chdir(2) call");
+}
+
+ATF_TC_BODY(chdir_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, chdir(NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chdir_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchdir_success);
+ATF_TC_HEAD(fchdir_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fchdir(2) call");
+}
+
+ATF_TC_BODY(fchdir_success, tc)
+{
+	/* Build an absolute path to the test-case directory */
+	char dirpath[50];
+	ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
+	ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
+
+	/* Audit record generated by fchdir(2) does not contain filedesc */
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, fchdir(filedesc));
+	check_audit(fds, pcregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchdir_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchdir_failure);
+ATF_TC_HEAD(fchdir_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"fchdir(2) call");
+}
+
+ATF_TC_BODY(fchdir_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad directory address */
+	ATF_REQUIRE_EQ(-1, fchdir(-1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(fchdir_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chroot_success);
+ATF_TC_HEAD(chroot_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"chroot(2) call");
+}
+
+ATF_TC_BODY(chroot_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* We don't want to change the root directory, hence '/' */
+	ATF_REQUIRE_EQ(0, chroot("/"));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chroot_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chroot_failure);
+ATF_TC_HEAD(chroot_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"chroot(2) call");
+}
+
+ATF_TC_BODY(chroot_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, chroot(NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chroot_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(umask_success);
+ATF_TC_HEAD(umask_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"umask(2) call");
+}
+
+ATF_TC_BODY(umask_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	umask(0);
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(umask_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * umask(2) system call never fails. Hence, no test case for failure mode
+ */
+
+
+ATF_TC_WITH_CLEANUP(setuid_success);
+ATF_TC_HEAD(setuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setuid(2) call");
+}
+
+ATF_TC_BODY(setuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Since we're privileged, we'll let ourselves be privileged! */
+	ATF_REQUIRE_EQ(0, setuid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setuid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(seteuid_success);
+ATF_TC_HEAD(seteuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"seteuid(2) call");
+}
+
+ATF_TC_BODY(seteuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* This time, we'll let ourselves be 'effectively' privileged! */
+	ATF_REQUIRE_EQ(0, seteuid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(seteuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * seteuid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setgid_success);
+ATF_TC_HEAD(setgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setgid(2) call");
+}
+
+ATF_TC_BODY(setgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setgid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setgid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setegid_success);
+ATF_TC_HEAD(setegid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setegid(2) call");
+}
+
+ATF_TC_BODY(setegid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setegid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setegid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setegid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setregid_success);
+ATF_TC_HEAD(setregid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setregid(2) call");
+}
+
+ATF_TC_BODY(setregid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setregid(-1, -1) does not change any real or effective GIDs */
+	ATF_REQUIRE_EQ(0, setregid(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setregid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setregid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setreuid_success);
+ATF_TC_HEAD(setreuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setreuid(2) call");
+}
+
+ATF_TC_BODY(setreuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setreuid(-1, -1) does not change any real or effective UIDs */
+	ATF_REQUIRE_EQ(0, setreuid(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setreuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setregid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setresuid_success);
+ATF_TC_HEAD(setresuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setresuid(2) call");
+}
+
+ATF_TC_BODY(setresuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
+	ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setresuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setresuid(2) fails only when the current user is not root. So no test case
+ * for failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setresgid_success);
+ATF_TC_HEAD(setresgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setresgid(2) call");
+}
+
+ATF_TC_BODY(setresgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
+	ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setresgid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setresgid(2) fails only when the current user is not root. So no test case
+ * for failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(getresuid_success);
+ATF_TC_HEAD(getresuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getresuid(2) call");
+}
+
+ATF_TC_BODY(getresuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresuid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresuid_failure);
+ATF_TC_HEAD(getresuid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getresuid(2) call");
+}
+
+ATF_TC_BODY(getresuid_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid address "-1" */
+	ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresuid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresgid_success);
+ATF_TC_HEAD(getresgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getresgid(2) call");
+}
+
+ATF_TC_BODY(getresgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresgid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresgid_failure);
+ATF_TC_HEAD(getresgid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getresgid(2) call");
+}
+
+ATF_TC_BODY(getresgid_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid address "-1" */
+	ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresgid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpriority_success);
+ATF_TC_HEAD(setpriority_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setpriority(2) call");
+}
+
+ATF_TC_BODY(setpriority_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpriority_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpriority_failure);
+ATF_TC_HEAD(setpriority_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setpriority(2) call");
+}
+
+ATF_TC_BODY(setpriority_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpriority_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setgroups_success);
+ATF_TC_HEAD(setgroups_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setgroups(2) call");
+}
+
+ATF_TC_BODY(setgroups_success, tc)
+{
+	gid_t gids[5];
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
+	/* Retrieve the current group access list to be used with setgroups */
+	ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgroups_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setgroups_failure);
+ATF_TC_HEAD(setgroups_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setgroups(2) call");
+}
+
+ATF_TC_BODY(setgroups_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgroups_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpgrp_success);
+ATF_TC_HEAD(setpgrp_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setpgrp(2) call");
+}
+
+ATF_TC_BODY(setpgrp_success, tc)
+{
+	/* Main procedure is carried out from within the child process */
+	ATF_REQUIRE((pid = fork()) != -1);
+	if (pid) {
+		ATF_REQUIRE(wait(&status) != -1);
+	} else {
+		pid = getpid();
+		snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
+
+		FILE *pipefd = setup(fds, auclass);
+		ATF_REQUIRE_EQ(0, setpgrp(0, 0));
+		check_audit(fds, pcregex, pipefd);
+	}
+}
+
+ATF_TC_CLEANUP(setpgrp_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpgrp_failure);
+ATF_TC_HEAD(setpgrp_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setpgrp(2) call");
+}
+
+ATF_TC_BODY(setpgrp_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpgrp_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setrlimit_success);
+ATF_TC_HEAD(setrlimit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setrlimit(2) call");
+}
+
+ATF_TC_BODY(setrlimit_success, tc)
+{
+	struct rlimit rlp;
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
+	/* Retrieve the system resource consumption limit to be used later on */
+	ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setrlimit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setrlimit_failure);
+ATF_TC_HEAD(setrlimit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setrlimit(2) call");
+}
+
+ATF_TC_BODY(setrlimit_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setrlimit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mlock_success);
+ATF_TC_HEAD(mlock_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"mlock(2) call");
+}
+
+ATF_TC_BODY(mlock_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, mlock(NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(mlock_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mlock_failure);
+ATF_TC_HEAD(mlock_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"mlock(2) call");
+}
+
+ATF_TC_BODY(mlock_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(mlock_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(munlock_success);
+ATF_TC_HEAD(munlock_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"munlock(2) call");
+}
+
+ATF_TC_BODY(munlock_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, munlock(NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(munlock_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(munlock_failure);
+ATF_TC_HEAD(munlock_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"munlock(2) call");
+}
+
+ATF_TC_BODY(munlock_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(munlock_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(minherit_success);
+ATF_TC_HEAD(minherit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"minherit(2) call");
+}
+
+ATF_TC_BODY(minherit_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(minherit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(minherit_failure);
+ATF_TC_HEAD(minherit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"minherit(2) call");
+}
+
+ATF_TC_BODY(minherit_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(minherit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setlogin_success);
+ATF_TC_HEAD(setlogin_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setlogin(2) call");
+}
+
+ATF_TC_BODY(setlogin_success, tc)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
