audit 1.7.8 released

Steve Grubb sgrubb at redhat.com
Wed Oct 22 20:18:50 UTC 2008


Hi,

I've just released a new version of the audit daemon. It can be downloaded 
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide 
soon. The Changelog is:

- Fix strict aliasing compiler warnings
- Interpret TTY audit data in auparse (Miloslav Trmač)
- Extract terminal from USER_AVC events for ausearch/report (Peng Haitao)
- Makefile cleanup (Philipp Hahn)
- Add USER_AVCs to aureport's avc reporting (Peng Haitao)
- Get auparse test suites working better
- When apps started by audispd die, restart them if their type is always
- Short circuit hostname resolution in libaudit if host is empty
- Remove selinux policy for zos-remote
- Update libauparse capabilities table
- If log_group and user are not root, don't check dispatcher perms
- Fix a bug when executing "ausearch -te today PM"
- Add --exit search option to ausearch
- Delete root user tests in auparse/test dir
- Improve performance of ausearch/report and drop dead code
- More code cleanups
- Fix parsing config file when kerberos is disabled
- Add new kernel capability event record types

This release fixes a bunch of little bugs in the Makefile, test suites, and 
programs. A couple of bug fixes to call out: when you use log_group as a 
non-root user, it tried to open and fstat the event dispatcher, but if you 
are non-root, that is usually EPERM, and if you have audit rules for EPERM, 
you create audit events every time you use ausearch.

When GSSAPI support was disabled, it was not able to parse the given config 
file, so that was fixed to parse but ignore the settings.

The performance of ausearch/report should be better now. I think my testing 
showed about 5%-10% improvement. This needs careful testing, though.

And lastly, I added a new option to ausearch to look for exit codes. If, for 
example, you needed to find any syscall with EPERM exit, you can now 
do "ausearch --start today --exit -EPERM".

Please let me know if you run across any problems with this release.

-Steve
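
An added example, not part of the original message and not code from the audit project: a Python sketch of an exit-code search over raw SYSCALL records, tallied per executable so that self-generated EPERM noise like the ausearch case described above stands out. The sample records, paths and function names are constructed for illustration, and it assumes the raw log stores `exit=` as a signed decimal.

```python
import errno
import re
from collections import Counter

# Constructed records in the raw audit.log SYSCALL layout (not real log data).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1224706730.101:501): arch=c000003e syscall=2 success=no exit=-1 items=1 pid=2150 auid=500 uid=500 comm="ausearch" exe="/sbin/ausearch" key=(null)
type=PATH msg=audit(1224706730.101:501): item=0 name="/sbin/audispd" inode=1234 mode=0100750 ouid=0 ogid=0
type=SYSCALL msg=audit(1224706731.202:502): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=2160 auid=500 uid=500 comm="cat" exe="/bin/cat" key=(null)
type=SYSCALL msg=audit(1224706732.303:503): arch=c000003e syscall=92 success=no exit=-1 items=1 pid=2170 auid=500 uid=500 comm="chown" exe="/bin/chown" key=(null)
type=SYSCALL msg=audit(1224706733.404:504): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2180 auid=500 uid=500 comm="cat" exe="/bin/cat" key=(null)
type=SYSCALL msg=audit(1224706734.505:505): arch=c000003e syscall=2 success=no exit=-1 items=1 pid=2190 auid=500 uid=500 comm="ausearch" exe="/sbin/ausearch" key=(null)
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def resolve_exit(spec):
    """Turn '-EPERM', 'EPERM' or '-1' into the signed value stored in exit=."""
    name = spec.lstrip("-")
    if name in errno.errorcode.values():
        value = getattr(errno, name)
        return -value if spec.startswith("-") else value
    return int(spec)

def search_exit(log_text, spec):
    """Return parsed SYSCALL records whose exit field equals spec."""
    wanted = resolve_exit(spec)
    hits = []
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if fields.get("type") != "SYSCALL":
            continue
        try:
            if int(fields["exit"]) == wanted:
                hits.append(fields)
        except (KeyError, ValueError):
            continue  # truncated or malformed record: skip it, don't crash
    return hits

def count_by_exe(records):
    """Tally matches per executable to show which program produces the denials."""
    return Counter(r.get("exe", "?") for r in records)

if __name__ == "__main__":
    for exe, n in count_by_exe(search_exit(SAMPLE_LOG, "-EPERM")).most_common():
        print(f"{n:3d}  {exe}")
```
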



