[PATCH 0/2] signal audit (v3)

[Amy Griffis]

Several changes since last version:
    - use arch rule field to determine which signal class to check,
      check both if arch is unspecified
    - don't check AUDIT_CLASS_SIGNAL_32 if it doesn't exist
    - group target pids in aux structs (initially 16)
    - on syscall exit, initialize context's aux ptrs for re-use
    - don't convert sid to string until we log a record

Applies on top of ptrace patch.