Index: head/tests/sys/audit/Makefile
===================================================================
--- head/tests/sys/audit/Makefile
+++ head/tests/sys/audit/Makefile
@@ -14,6 +14,7 @@
 ATF_TESTS_C+=	network
 ATF_TESTS_C+=	inter-process
 ATF_TESTS_C+=	administrative
+ATF_TESTS_C+=	process-control
 
 SRCS.file-attribute-access+=	file-attribute-access.c
 SRCS.file-attribute-access+=	utils.c
@@ -39,6 +40,8 @@
 SRCS.inter-process+=		utils.c
 SRCS.administrative+=		administrative.c
 SRCS.administrative+=		utils.c
+SRCS.process-control+=		process-control.c
+SRCS.process-control+=		utils.c
 
 TEST_METADATA+= timeout="30"
 TEST_METADATA+= required_user="root"
Index: head/tests/sys/audit/process-control.c
===================================================================
--- head/tests/sys/audit/process-control.c
+++ head/tests/sys/audit/process-control.c
@@ -0,0 +1,1265 @@
+/*-
+ * Copyright (c) 2018 Aniket Pandey
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/uio.h>
+#include <sys/ktrace.h>
+#include <sys/mman.h>
+#include <sys/ptrace.h>
+#include <sys/resource.h>
+#include <sys/rtprio.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+
+#include <atf-c.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+static pid_t pid;
+static int filedesc, status;
+static struct pollfd fds[1];
+static char pcregex[80];
+static const char *auclass = "pc";
+
+
+ATF_TC_WITH_CLEANUP(fork_success);
+ATF_TC_HEAD(fork_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fork(2) call");
+}
+
+ATF_TC_BODY(fork_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fork.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Check if fork(2) succeded. If so, exit from the child process */
+	ATF_REQUIRE((pid = fork()) != -1);
+	if (pid)
+		check_audit(fds, pcregex, pipefd);
+	else
+		_exit(0);
+
+}
+
+ATF_TC_CLEANUP(fork_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * No fork(2) in failure mode since possibilities for failure are only when
+ * user is not privileged or when the number of processes exceed KERN_MAXPROC.
+ */
+
+
+ATF_TC_WITH_CLEANUP(rfork_success);
+ATF_TC_HEAD(rfork_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"rfork(2) call");
+}
+
+ATF_TC_BODY(rfork_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE((pid = rfork(RFPROC)) != -1);
+	if (pid)
+		check_audit(fds, pcregex, pipefd);
+	else
+		_exit(0);
+
+}
+
+ATF_TC_CLEANUP(rfork_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(rfork_failure);
+ATF_TC_HEAD(rfork_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"rfork(2) call");
+}
+
+ATF_TC_BODY(rfork_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rfork.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid argument */
+	ATF_REQUIRE_EQ(-1, rfork(-1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(rfork_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chdir_success);
+ATF_TC_HEAD(chdir_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"chdir(2) call");
+}
+
+ATF_TC_BODY(chdir_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chdir.*/.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, chdir("/"));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chdir_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chdir_failure);
+ATF_TC_HEAD(chdir_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"chdir(2) call");
+}
+
+ATF_TC_BODY(chdir_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chdir.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad address */
+	ATF_REQUIRE_EQ(-1, chdir(NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chdir_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchdir_success);
+ATF_TC_HEAD(fchdir_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"fchdir(2) call");
+}
+
+ATF_TC_BODY(fchdir_success, tc)
+{
+	/* Build an absolute path to the test-case directory */
+	char dirpath[50];
+	ATF_REQUIRE(getcwd(dirpath, sizeof(dirpath)) != NULL);
+	ATF_REQUIRE((filedesc = open(dirpath, O_RDONLY)) != -1);
+
+	/* Audit record generated by fchdir(2) does not contain filedesc */
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, fchdir(filedesc));
+	check_audit(fds, pcregex, pipefd);
+	close(filedesc);
+}
+
+ATF_TC_CLEANUP(fchdir_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(fchdir_failure);
+ATF_TC_HEAD(fchdir_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"fchdir(2) call");
+}
+
+ATF_TC_BODY(fchdir_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "fchdir.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Bad directory address */
+	ATF_REQUIRE_EQ(-1, fchdir(-1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(fchdir_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chroot_success);
+ATF_TC_HEAD(chroot_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"chroot(2) call");
+}
+
+ATF_TC_BODY(chroot_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* We don't want to change the root directory, hence '/' */
+	ATF_REQUIRE_EQ(0, chroot("/"));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chroot_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(chroot_failure);
+ATF_TC_HEAD(chroot_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"chroot(2) call");
+}
+
+ATF_TC_BODY(chroot_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "chroot.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, chroot(NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(chroot_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(umask_success);
+ATF_TC_HEAD(umask_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"umask(2) call");
+}
+
+ATF_TC_BODY(umask_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "umask.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	umask(0);
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(umask_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * umask(2) system call never fails. Hence, no test case for failure mode
+ */
+
+
+ATF_TC_WITH_CLEANUP(setuid_success);
+ATF_TC_HEAD(setuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setuid(2) call");
+}
+
+ATF_TC_BODY(setuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Since we're privileged, we'll let ourselves be privileged! */
+	ATF_REQUIRE_EQ(0, setuid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setuid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(seteuid_success);
+ATF_TC_HEAD(seteuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"seteuid(2) call");
+}
+
+ATF_TC_BODY(seteuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "seteuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* This time, we'll let ourselves be 'effectively' privileged! */
+	ATF_REQUIRE_EQ(0, seteuid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(seteuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * seteuid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setgid_success);
+ATF_TC_HEAD(setgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setgid(2) call");
+}
+
+ATF_TC_BODY(setgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setgid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setgid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setegid_success);
+ATF_TC_HEAD(setegid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setegid(2) call");
+}
+
+ATF_TC_BODY(setegid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setegid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setegid(0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setegid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setegid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setregid_success);
+ATF_TC_HEAD(setregid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setregid(2) call");
+}
+
+ATF_TC_BODY(setregid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setregid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setregid(-1, -1) does not change any real or effective GIDs */
+	ATF_REQUIRE_EQ(0, setregid(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setregid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setregid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setreuid_success);
+ATF_TC_HEAD(setreuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setreuid(2) call");
+}
+
+ATF_TC_BODY(setreuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setreuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setreuid(-1, -1) does not change any real or effective UIDs */
+	ATF_REQUIRE_EQ(0, setreuid(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setreuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setregid(2) fails only when the current user is not root. So no test case for
+ * failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setresuid_success);
+ATF_TC_HEAD(setresuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setresuid(2) call");
+}
+
+ATF_TC_BODY(setresuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setresuid.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setresuid(-1, -1, -1) does not change real, effective & saved UIDs */
+	ATF_REQUIRE_EQ(0, setresuid(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setresuid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setresuid(2) fails only when the current user is not root. So no test case
+ * for failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(setresgid_success);
+ATF_TC_HEAD(setresgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setresgid(2) call");
+}
+
+ATF_TC_BODY(setresgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setresgid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* setresgid(-1, -1, -1) does not change real, effective & saved GIDs */
+	ATF_REQUIRE_EQ(0, setresgid(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setresgid_success, tc)
+{
+	cleanup();
+}
+
+/*
+ * setresgid(2) fails only when the current user is not root. So no test case
+ * for failure mode since the required_user="root"
+ */
+
+
+ATF_TC_WITH_CLEANUP(getresuid_success);
+ATF_TC_HEAD(getresuid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getresuid(2) call");
+}
+
+ATF_TC_BODY(getresuid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getresuid(NULL, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresuid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresuid_failure);
+ATF_TC_HEAD(getresuid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getresuid(2) call");
+}
+
+ATF_TC_BODY(getresuid_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresuid.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid address "-1" */
+	ATF_REQUIRE_EQ(-1, getresuid((uid_t *)-1, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresuid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresgid_success);
+ATF_TC_HEAD(getresgid_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"getresgid(2) call");
+}
+
+ATF_TC_BODY(getresgid_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, getresgid(NULL, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresgid_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(getresgid_failure);
+ATF_TC_HEAD(getresgid_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"getresgid(2) call");
+}
+
+ATF_TC_BODY(getresgid_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "getresgid.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	/* Failure reason: Invalid address "-1" */
+	ATF_REQUIRE_EQ(-1, getresgid((gid_t *)-1, NULL, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(getresgid_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpriority_success);
+ATF_TC_HEAD(setpriority_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setpriority(2) call");
+}
+
+ATF_TC_BODY(setpriority_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setpriority(PRIO_PROCESS, 0, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpriority_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpriority_failure);
+ATF_TC_HEAD(setpriority_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setpriority(2) call");
+}
+
+ATF_TC_BODY(setpriority_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpriority.*%d.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setpriority(-1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpriority_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setgroups_success);
+ATF_TC_HEAD(setgroups_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setgroups(2) call");
+}
+
+ATF_TC_BODY(setgroups_success, tc)
+{
+	gid_t gids[5];
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*success", pid);
+	/* Retrieve the current group access list to be used with setgroups */
+	ATF_REQUIRE(getgroups(sizeof(gids)/sizeof(gids[0]), gids) != -1);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setgroups(sizeof(gids)/sizeof(gids[0]), gids));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgroups_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setgroups_failure);
+ATF_TC_HEAD(setgroups_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setgroups(2) call");
+}
+
+ATF_TC_BODY(setgroups_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setgroups.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setgroups(-1, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setgroups_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpgrp_success);
+ATF_TC_HEAD(setpgrp_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setpgrp(2) call");
+}
+
+ATF_TC_BODY(setpgrp_success, tc)
+{
+	/* Main procedure is carried out from within the child process */
+	ATF_REQUIRE((pid = fork()) != -1);
+	if (pid) {
+		ATF_REQUIRE(wait(&status) != -1);
+	} else {
+		pid = getpid();
+		snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*success", pid);
+
+		FILE *pipefd = setup(fds, auclass);
+		ATF_REQUIRE_EQ(0, setpgrp(0, 0));
+		check_audit(fds, pcregex, pipefd);
+	}
+}
+
+ATF_TC_CLEANUP(setpgrp_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setpgrp_failure);
+ATF_TC_HEAD(setpgrp_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setpgrp(2) call");
+}
+
+ATF_TC_BODY(setpgrp_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setpgrp.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setpgrp(-1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setpgrp_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setrlimit_success);
+ATF_TC_HEAD(setrlimit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setrlimit(2) call");
+}
+
+ATF_TC_BODY(setrlimit_success, tc)
+{
+	struct rlimit rlp;
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*success", pid);
+	/* Retrieve the system resource consumption limit to be used later on */
+	ATF_REQUIRE_EQ(0, getrlimit(RLIMIT_FSIZE, &rlp));
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setrlimit(RLIMIT_FSIZE, &rlp));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setrlimit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setrlimit_failure);
+ATF_TC_HEAD(setrlimit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setrlimit(2) call");
+}
+
+ATF_TC_BODY(setrlimit_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setrlimit.*%d.*ret.*failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setrlimit(RLIMIT_FSIZE, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setrlimit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mlock_success);
+ATF_TC_HEAD(mlock_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"mlock(2) call");
+}
+
+ATF_TC_BODY(mlock_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, mlock(NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(mlock_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(mlock_failure);
+ATF_TC_HEAD(mlock_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"mlock(2) call");
+}
+
+ATF_TC_BODY(mlock_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "mlock.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, mlock((void *)(-1), -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(mlock_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(munlock_success);
+ATF_TC_HEAD(munlock_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"munlock(2) call");
+}
+
+ATF_TC_BODY(munlock_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, munlock(NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(munlock_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(munlock_failure);
+ATF_TC_HEAD(munlock_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"munlock(2) call");
+}
+
+ATF_TC_BODY(munlock_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "munlock.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, munlock((void *)(-1), -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(munlock_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(minherit_success);
+ATF_TC_HEAD(minherit_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"minherit(2) call");
+}
+
+ATF_TC_BODY(minherit_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, minherit(NULL, 0, INHERIT_ZERO));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(minherit_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(minherit_failure);
+ATF_TC_HEAD(minherit_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"minherit(2) call");
+}
+
+ATF_TC_BODY(minherit_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "minherit.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, minherit((void *)(-1), -1, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(minherit_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setlogin_success);
+ATF_TC_HEAD(setlogin_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"setlogin(2) call");
+}
+
+ATF_TC_BODY(setlogin_success, tc)
+{
+	char *name;
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,success", pid);
+
+	/* Retrieve the current user's login name to be used with setlogin(2) */
+	ATF_REQUIRE((name = getlogin()) != NULL);
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, setlogin(name));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setlogin_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(setlogin_failure);
+ATF_TC_HEAD(setlogin_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"setlogin(2) call");
+}
+
+ATF_TC_BODY(setlogin_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "setlogin.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, setlogin(NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(setlogin_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(rtprio_success);
+ATF_TC_HEAD(rtprio_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"rtprio(2) call");
+}
+
+ATF_TC_BODY(rtprio_success, tc)
+{
+	struct rtprio rtp;
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, rtprio(RTP_LOOKUP, 0, &rtp));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(rtprio_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(rtprio_failure);
+ATF_TC_HEAD(rtprio_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"rtprio(2) call");
+}
+
+ATF_TC_BODY(rtprio_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "rtprio.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, rtprio(-1, -1, NULL));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(rtprio_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(profil_success);
+ATF_TC_HEAD(profil_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"profil(2) call");
+}
+
+ATF_TC_BODY(profil_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,success", pid);
+
+	char samples[20];
+	FILE *pipefd = setup(fds, auclass);
+	/* Set scale argument as 0 to disable profiling of current process */
+	ATF_REQUIRE_EQ(0, profil(samples, sizeof(samples), 0, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(profil_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(profil_failure);
+ATF_TC_HEAD(profil_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"profil(2) call");
+}
+
+ATF_TC_BODY(profil_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "profil.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, profil((char *)(SIZE_MAX), -1, -1, -1));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(profil_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ptrace_success);
+ATF_TC_HEAD(ptrace_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"ptrace(2) call");
+}
+
+ATF_TC_BODY(ptrace_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, ptrace(PT_TRACE_ME, 0, NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ptrace_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ptrace_failure);
+ATF_TC_HEAD(ptrace_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"ptrace(2) call");
+}
+
+ATF_TC_BODY(ptrace_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "ptrace.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, ptrace(-1, 0, NULL, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ptrace_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ktrace_success);
+ATF_TC_HEAD(ktrace_success, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of a successful "
+					"ktrace(2) call");
+}
+
+ATF_TC_BODY(ktrace_success, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,success", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(0, ktrace(NULL, KTROP_CLEAR, KTRFAC_SYSCALL, pid));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ktrace_success, tc)
+{
+	cleanup();
+}
+
+
+ATF_TC_WITH_CLEANUP(ktrace_failure);
+ATF_TC_HEAD(ktrace_failure, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Tests the audit of an unsuccessful "
+					"ktrace(2) call");
+}
+
+ATF_TC_BODY(ktrace_failure, tc)
+{
+	pid = getpid();
+	snprintf(pcregex, sizeof(pcregex), "ktrace.*%d.*return,failure", pid);
+
+	FILE *pipefd = setup(fds, auclass);
+	ATF_REQUIRE_EQ(-1, ktrace(NULL, -1, -1, 0));
+	check_audit(fds, pcregex, pipefd);
+}
+
+ATF_TC_CLEANUP(ktrace_failure, tc)
+{
+	cleanup();
+}
+
+
+ATF_TP_ADD_TCS(tp)
+{
+	ATF_TP_ADD_TC(tp, fork_success);
+	ATF_TP_ADD_TC(tp, rfork_success);
+	ATF_TP_ADD_TC(tp, rfork_failure);
+
+	ATF_TP_ADD_TC(tp, chdir_success);
+	ATF_TP_ADD_TC(tp, chdir_failure);
+	ATF_TP_ADD_TC(tp, fchdir_success);
+	ATF_TP_ADD_TC(tp, fchdir_failure);
+	ATF_TP_ADD_TC(tp, chroot_success);
+	ATF_TP_ADD_TC(tp, chroot_failure);
+
+	ATF_TP_ADD_TC(tp, umask_success);
+	ATF_TP_ADD_TC(tp, setuid_success);
+	ATF_TP_ADD_TC(tp, seteuid_success);
+	ATF_TP_ADD_TC(tp, setgid_success);
+	ATF_TP_ADD_TC(tp, setegid_success);
+
+	ATF_TP_ADD_TC(tp, setreuid_success);
+	ATF_TP_ADD_TC(tp, setregid_success);
+	ATF_TP_ADD_TC(tp, setresuid_success);
+	ATF_TP_ADD_TC(tp, setresgid_success);
+
+	ATF_TP_ADD_TC(tp, getresuid_success);
+	ATF_TP_ADD_TC(tp, getresuid_failure);
+	ATF_TP_ADD_TC(tp, getresgid_success);
+	ATF_TP_ADD_TC(tp, getresgid_failure);
+
+	ATF_TP_ADD_TC(tp, setpriority_success);
+	ATF_TP_ADD_TC(tp, setpriority_failure);
+	ATF_TP_ADD_TC(tp, setgroups_success);
+	ATF_TP_ADD_TC(tp, setgroups_failure);
+	ATF_TP_ADD_TC(tp, setpgrp_success);
+	ATF_TP_ADD_TC(tp, setpgrp_failure);
+	ATF_TP_ADD_TC(tp, setrlimit_success);
+	ATF_TP_ADD_TC(tp, setrlimit_failure);
+
+	ATF_TP_ADD_TC(tp, mlock_success);
+	ATF_TP_ADD_TC(tp, mlock_failure);
+	ATF_TP_ADD_TC(tp, munlock_success);
+	ATF_TP_ADD_TC(tp, munlock_failure);
+	ATF_TP_ADD_TC(tp, minherit_success);
+	ATF_TP_ADD_TC(tp, minherit_failure);
+
+	ATF_TP_ADD_TC(tp, setlogin_success);
+	ATF_TP_ADD_TC(tp, setlogin_failure);
+	ATF_TP_ADD_TC(tp, rtprio_success);
+	ATF_TP_ADD_TC(tp, rtprio_failure);
+
+	ATF_TP_ADD_TC(tp, profil_success);
+	ATF_TP_ADD_TC(tp, profil_failure);
+	ATF_TP_ADD_TC(tp, ptrace_success);
+	ATF_TP_ADD_TC(tp, ptrace_failure);
+	ATF_TP_ADD_TC(tp, ktrace_success);
+	ATF_TP_ADD_TC(tp, ktrace_failure);
+
+	return (atf_no_error());
+}