Bug 227889
Summary: | [LSPP] CUPS is printing with Audit daemon stopped | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Eduardo M. Fleury <efleury> |
Component: | cups | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | iboverma, klaus, linda.knippers, mra, sgrubb |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-13 21:30:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eduardo M. Fleury
2007-02-08 19:48:20 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion. Cups can be configured to not start if it can't open open the audit netlink socket. Check out /etc/libaudit.conf. Cups will do whatever action is specified there (default is ignore) if the open fails. However, it doesn't check that if issuing a specific audit record fails. We had this discussion a long time ago in the lspp conference calls. Many trusted programs only issue an audit record after the completion of an operation so that they can include the results (fail/succeed). useradd is an example. If it can't issue an audit record, you get a syslog record but the operation still completed. While auditing data exporting is a new requirement for LSPP, the general behavior of audit and trusted programs isn't new. If all trusted programs have to fail to execute if the results can't be audited then we're got more than just cups to deal with and we'll have to figure out how to undo operations (if that's possible) that we couldn't audit. Linda/Matt/Steve, will this get marked as NOTABUG? Matt, is this related to the changes you'll submit to cups? Yes I think it should be marked as NOTABUG. I don't have a patch for this and haven't been convinced that we need one. |