[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext



On 9/26/05, Steve Grubb <sgrubb redhat com> wrote:
> On Monday 26 September 2005 15:00, Steve Grubb wrote:
> > Lets use the following audit message number ranges for the next
round of
> > development:
> 
> On second thought, maybe better to group the messages between kernel &
> userspace better
> 
> 1500 - 1599 kernel LSPP events
> 1700 - 1799 kernel crypto events
> 1800 - 1999 future kernel use (maybe integrity labels and related
events)
> 2001 - 2099 unused (kernel)
> 2100 - 2199 user space anomaly records
> 2200 - 2299 user space actions taken in response to anomalies
> 2300 - 2399 user space generated LSPP events
> 2400 - 2499 user space crypto events
> 2500 - 2999 future user space (maybe integrity labels and related
events)
> 
> This would allow us to cover more numbers in a case statement where we
are
> trying to just relay messages through the kernel back to userspace.


What about 1600-1699?  Perhaps crypto -> 1600-1699, and save 1700-1999
for future use?

2000+ for user space seems sensible to me.


:-Dustin

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]