What were you trying to do that didn't work?

Run the test on RC/CTC/advisory testing

What is the impact of this issue to you?

Test repeatedly fails in RC/CTC/advisory testing rounds. When ausearch scrolls through events and there is a checkpoint, it tries to find a specific event that is saved. But our ausearch has an option -m USER, which filters other events. And at the same time, if for some reason an event is between test3 and test4, ausearch will skip the event that is between them and at the same time that event is a checkpoint event. So there is no output and based on that the test phase FAILS due unable to match the output from the ausearch.

Please provide the package NVR for which the bug is seen:

audit-3.1.5-4.el9

How reproducible is this bug?:

Steps to reproduce

1. Provision machine (TF/1MT) with the latest RHEL-9.6 compose
2. Clone audit downstream repository, cd to that repo and run 

   tmt --context distro=rhel-9.6 run -a provision -h connect -g 10.0.185.51 -u root -p toor plans --default tests -n Sanity/ausearch-checkpoint execute -h tmt --interactive 
   
   or
   
   testing-farm request --context distro=rhel-9.6 --compose RHEL-9.6.0-Nightly --git-url https://gitlab.cee.redhat.com/special-projects/tests/audit --git-ref master --plan Plans/general --arch x86_64,s390x,ppc64le,aarch64 --test-filter "name: /Sanity/ausearch-checkpoint"

Expected results

:: [ 14:03:06 ] :: [ PASS ] :: Moving checkpoint 2, not test should be reported (Expected 1, got 1)
:: [ 14:03:06 ] :: [ PASS ] :: File '/var/tmp/rlRun_LOG.G3kGQJSA' should not contain 'test'
:: [ 14:03:06 ] :: [ PASS ] :: Command 'cat chk2' (Expected 0, got 0)
:: [ 14:03:11 ] :: [ PASS ] :: Generating message test4 (Expected 0, got 0)
:: [ 14:03:11 ] :: [ PASS ] :: Moving checkpoint 2, test4 should be reported (Expected 0, got 0)
:: [ 14:03:11 ] :: [ PASS ] :: File '/var/tmp/rlRun_LOG.5zPyqwyl' should contain 'test4'
:: [ 14:03:11 ] :: [ PASS ] :: Command 'cat chk2' (Expected 0, got 0)
:: [ 14:03:13 ] :: [ PASS ] :: Command 'ausearch -ts recent' (Expected 0, got 0)
:: [ 14:03:23 ] :: [ PASS ] :: Command 'sleep 10' (Expected 0, got 0)
:: [ 14:03:26 ] :: [ PASS ] :: Command 'ausearch -ts recent' (Expected 0, got 0)

Actual results

:: [ 14:03:06 ] :: [ PASS ] :: Moving checkpoint 2, not test should be reported (Expected 1, got 1)
:: [ 14:03:06 ] :: [ PASS ] :: File '/var/tmp/rlRun_LOG.G3kGQJSA' should not contain 'test'
:: [ 14:03:06 ] :: [ PASS ] :: Command 'cat chk2' (Expected 0, got 0)
:: [ 14:03:11 ] :: [ PASS ] :: Generating message test4 (Expected 0, got 0)
:: [ 14:03:11 ] :: [ FAIL ] :: Moving checkpoint 2, test4 should be reported (Expected 0, got 1)
:: [ 14:03:11 ] :: [ FAIL ] :: File '/var/tmp/rlRun_LOG.5zPyqwyl' should contain 'test4'
:: [ 14:03:11 ] :: [ PASS ] :: Command 'cat chk2' (Expected 0, got 0)
:: [ 14:03:13 ] :: [ PASS ] :: Command 'ausearch -ts recent' (Expected 0, got 0)
:: [ 14:03:23 ] :: [ PASS ] :: Command 'sleep 10' (Expected 0, got 0)
:: [ 14:03:26 ] :: [ PASS ] :: Command 'ausearch -ts recent' (Expected 0, got 0)