[PATCH] LSPP audit enablement: storing selinux ocontext and scontext
Dustin Kirkland
dustin.kirkland at us.ibm.com
Mon Sep 26 20:57:25 UTC 2005
On 9/26/05, Steve Grubb <sgrubb at redhat.com> wrote:
> On Monday 26 September 2005 15:00, Steve Grubb wrote:
> > Lets use the following audit message number ranges for the next
round of
> > development:
>
> On second thought, maybe better to group the messages between kernel &
> userspace better
>
> 1500 - 1599 kernel LSPP events
> 1700 - 1799 kernel crypto events
> 1800 - 1999 future kernel use (maybe integrity labels and related
events)
> 2001 - 2099 unused (kernel)
> 2100 - 2199 user space anomaly records
> 2200 - 2299 user space actions taken in response to anomalies
> 2300 - 2399 user space generated LSPP events
> 2400 - 2499 user space crypto events
> 2500 - 2999 future user space (maybe integrity labels and related
events)
>
> This would allow us to cover more numbers in a case statement where we
are
> trying to just relay messages through the kernel back to userspace.
What about 1600-1699? Perhaps crypto -> 1600-1699, and save 1700-1999
for future use?
2000+ for user space seems sensible to me.
:-Dustin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050926/d6736d51/attachment.sig>
More information about the Linux-audit
mailing list