Escalated to Bugzilla from IssueTracker
I sent an e-mail directly to the ibm reporter to ask this question (since I was apparently supposed to have all this fixed by last monday) but should follow process as well. By "invalid" do they mean the usage of > or < ? I assume they believe that only = or != should be allowed? If so this should be done in userspace in the auditctl utility in audit_rule_fieldpair_data() by returning -12 and explaining it in an error inside setopt. This should not be a kernel fix.
only = and != are valid for arch field. This needs to be in the kernel since anyone could use an old audit tool or write their own.
QE ack for RHEL5B2. Related to 14b of the release criteria.
patch posted for revew on 9/29.
in kernel-2.6.18-1.2718.el5