Bug 227889 - [LSPP] CUPS is printing with Audit daemon stopped
[LSPP] CUPS is printing with Audit daemon stopped
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cups (Show other bugs)
5.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Tim Waugh
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-08 14:48 EST by Eduardo M. Fleury
Modified: 2007-11-30 17:07 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-13 16:30:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eduardo M. Fleury 2007-02-08 14:48:20 EST
Description of problem:
In a certification environment CUPS is expected to print only if the log
subsystem (Audit) is running. This is not happening as of RHEL5 RC 2006-01-26,
installed with LSPP KS v18-1

Version-Release number of selected component (if applicable):
cups-1.2.4-11.5.el5
cups-libs-1.2.4-11.5.el5

How reproducible:
Very

Steps to Reproduce:
1) Make sure you have an USB printer configured and printing properly, if you don't:
lpadmin -p MyPrinter -E -v usb:/dev/usb/lp0 -m postscript.ppd.gz
lpadmin -d MyPrinter

2) Shut down Audit
run_init /etc/init.d/auditd stop

3) Print something
lpr MyPage.ps

Actual results:
Page is printed and log messages are not kept.

Expected results:
CUPS should detect Audit status and refuse from printing.

Additional info:
This is required for the LSPP certification.
Comment 2 RHEL Product and Program Management 2007-02-09 06:40:33 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 3 Linda Knippers 2007-02-09 10:37:47 EST
Cups can be configured to not start if it can't open open the audit netlink
socket.  Check out /etc/libaudit.conf.  Cups will do whatever action 
is specified there (default is ignore) if the open fails.  However,
it doesn't check that if issuing a specific audit record fails.

We had this discussion a long time ago in the lspp conference calls.
Many trusted programs only issue an audit record after the completion
of an operation so that they can include the results (fail/succeed).
useradd is an example.  If it can't issue an audit record, you get
a syslog record but the operation still completed.

While auditing data exporting is a new requirement for LSPP, the
general behavior of audit and trusted programs isn't new.  If all
trusted programs have to fail to execute if the results can't be
audited then we're got more than just cups to deal with and we'll
have to figure out how to undo operations (if that's possible) that
we couldn't audit.
Comment 5 Klaus Heinrich Kiwi 2007-02-13 12:24:42 EST
Linda/Matt/Steve,
 will this get marked as NOTABUG? Matt, is this related to the changes you'll
submit to cups?
Comment 6 Matt Anderson 2007-02-13 13:04:16 EST
Yes I think it should be marked as NOTABUG.

I don't have a patch for this and haven't been convinced that we need one.

Note You need to log in before you can comment on or make changes to this bug.