New subject: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext

Monday, 26 September 2005

On 9/26/05, Steve Grubb <sgrubb(a)redhat.com&gt; wrote:
...
 On Monday 26 September 2005 15:00, Steve Grubb wrote:
 > Lets use the following audit message number ranges for the next round of
...
 > development:

 On second thought, maybe better to group the messages between kernel &
 userspace better

 1500 - 1599 kernel LSPP events
 1700 - 1799 kernel crypto events
 1800 - 1999 future kernel use (maybe integrity labels and related events)
...
 2001 - 2099 unused (kernel)
 2100 - 2199 user space anomaly records
 2200 - 2299 user space actions taken in response to anomalies
 2300 - 2399 user space generated LSPP events
 2400 - 2499 user space crypto events
 2500 - 2999 future user space (maybe integrity labels and related events)
...

 This would allow us to cover more numbers in a case statement where we are
...
 trying to just relay messages through the kernel back to userspace.

What about 1600-1699?  Perhaps crypto -> 1600-1699, and save 1700-1999
for future use?

2000+ for user space seems sensible to me.

:-Dustin

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH] LSPP audit enablement: storing selinux ocontext and scontext