In the CheriBSD CI we reproducibly see the first test in sys/audit (administrative:acct_failure) fail due to a missing startup message. It appears this is caused by a race condition when starting auditd: `service auditd onestart` returns as soon as the initial auditd() parent exits (after the daemon(3) call). We can avoid this problem by setting up the auditd infrastructure in-process: libauditd contains audit_quick_{start,stop}() functions that look like they are ideally suited to this task. This patch also avoids forking lots of shell processes for each of the 418 tests by using `auditon(A_SENDTRIGGER, &trigger, sizeof(trigger))` to check for a running auditd(8) instead of using `service auditd onestatus`. With these two changes (and D28388 to fix the XFAIL'd test) I can now boot and run `cd /usr/tests/sys/audit && kyua test` without any failures in a single-core QEMU instance. Before there would always be at least one failed test. Besides making the tests more reliable in CI, a nice side-effect of this change is that it also significantly speeds up running them by avoiding lots of fork()/execve() caused by shell scripts: Running kyua test on an AArch64 QEMU took 315s before and now takes 68s, so it's roughly 3.5 times faster. This effect is even larger when running on a CHERI-RISC-V QEMU since emulating CHERI instructions on an x86 host is noticeably slower than emulating AArch64. Test Plan: aarch64+amd64 QEMU no longer fail. Reviewed By: asomers Differential Revision: https://reviews.freebsd.org/D28451
