Kernel patches needed

Steve Grubb sgrubb at redhat.com
Thu May 9 13:26:58 UTC 2013


Hi,

I was just doing some validation work to make sure the newly converted 
ausearch is producing the exact same output as it used to...and found a couple 
items that need patching.

1) AUDIT_TTY events are not recording a subject field.
2) AVC records can sometimes have dev="md1". The dev field is documented as 
being the numeric device number. Cases like this should be changed to 
"devname" which can be encoded.
3) We might need a supplemental record for *setxattr. The flags field is the 
fifth argument and not recorded anywhere.

Thanks,
-Steve



