[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

On Tue, 27 Sep 2005 15:23:39 EDT, Steve Grubb said:
> On Tuesday 27 September 2005 01:57, Valdis Kletnieks vt edu wrote:
> > > 1500 - 1599 kernel LSPP events
> > > 1700 - 1799 kernel crypto events
> > > 1800 - 1999 future kernel use (maybe integrity labels and related events)
> >
> > < and so on..>
> >
> > Am I the only one who thinks "100 entries will be enough" sounds
> > suspiciously like "640K should be enough for anybody"?
> I'm thinking it should be enough unless vendors want to clip their programs 
> into the audit system and start inventing their own numbers.

That's basically what I was worried about.

> Well, we could easily continue the same kind of messages in another block. So 
> far, we've only consumed < 20 message types on any block. I really can't see 
> a 100 different kinds of LSPP kernel message types.

That's just waiting for a bug report when somebody's software doesn't play nice
with "2100..2199,2700..2799" type ranges.  Agreed the kernel probably won't need
a lot more, but we might want to make sure we have bigger ranges available for
userspace.  Maybe make each userspace range 1K wide rather than 100?  (Yes,
I know that's just putting the Y2K problem off to 2038 ;)

Attachment: pgp4dSXPosmOL.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]