[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Steve Grubb
sgrubb at redhat.com
Mon Sep 26 20:28:39 UTC 2005
On Monday 26 September 2005 15:00, Steve Grubb wrote:
> Lets use the following audit message number ranges for the next round of
> development:
On second thought, maybe better to group the messages between kernel &
userspace better
1500 - 1599 kernel LSPP events
1700 - 1799 kernel crypto events
1800 - 1999 future kernel use (maybe integrity labels and related events)
2001 - 2099 unused (kernel)
2100 - 2199 user space anomaly records
2200 - 2299 user space actions taken in response to anomalies
2300 - 2399 user space generated LSPP events
2400 - 2499 user space crypto events
2500 - 2999 future user space (maybe integrity labels and related events)
This would allow us to cover more numbers in a case statement where we are
trying to just relay messages through the kernel back to userspace.
-Steve
More information about the Linux-audit
mailing list