The following changes introduce a new test-program exec, which contains the tests for
execve(2) and fexecve(2) system calls of the ex audit class.
However, there is a certain discrepancy in the regex expression of the tests for both syscalls
in success mode. Instead of the conventional return,success, the following regex has been
incorporated:
const char *regex = "fexecve.*sample-argument.*Unknown error: 201";
The reason is explained in the test-program:
fexecve(2) overlays the calling process on successful invocation.
Hence, audit(4) does not get any return value in the event token
for fexecve(2), due to which it simply places BSM_ERRNO_UNKNOWN
as the ar->ar_errno field.
Please see: sys/security/audit/bsm_errno.c#L728