Red Hat Bugzilla – Bug 227889
[LSPP] CUPS is printing with Audit daemon stopped
Last modified: 2007-11-30 17:07:41 EST
Description of problem:
In a certification environment CUPS is expected to print only if the log
subsystem (Audit) is running. This is not happening as of RHEL5 RC 2006-01-26,
installed with LSPP KS v18-1.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1) Make sure you have a USB printer configured and printing properly, if you don't:
lpadmin -p MyPrinter -E -v usb:/dev/usb/lp0 -m postscript.ppd.gz
lpadmin -d MyPrinter
2) Shut down Audit
run_init /etc/init.d/auditd stop
3) Print something
Page is printed and log messages are not kept.
CUPS should detect Audit status and refuse to print.
This is required for the LSPP certification.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
Cups can be configured to not start if it can't open the audit netlink
socket. Check out /etc/libaudit.conf. Cups will do whatever action
is specified there (default is ignore) if the open fails. However,
it doesn't check that if issuing a specific audit record fails.
We had this discussion a long time ago in the lspp conference calls.
Many trusted programs only issue an audit record after the completion
of an operation so that they can include the results (fail/succeed).
useradd is an example. If it can't issue an audit record, you get
a syslog record but the operation still completed.
While auditing data exporting is a new requirement for LSPP, the
general behavior of audit and trusted programs isn't new. If all
trusted programs have to fail to execute if the results can't be
audited then we've got more than just cups to deal with and we'll
have to figure out how to undo operations (if that's possible) that
we couldn't audit.
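
An added example, not part of the bug report and not code from CUPS or libaudit: a shell check that reads a libaudit.conf-style file and reports the failure action the comment above refers to. The `failure_action` key and its `ignore`, `log` and `terminate` values are as documented in libaudit.conf(5); the function names and the last-line-wins rule are assumptions.

```shell
#!/bin/sh
# Added example: report the effective failure_action of a libaudit.conf-style file.
#
# Weak (the default, per the comment above):  failure_action = ignore
# Fail closed when the audit open fails:      failure_action = terminate
#
# Per the comment above, this action applies when opening the audit netlink
# socket fails; it is not consulted when issuing a specific record fails.

# Print the effective action for the file given as $1.
# Assumptions: "key = value" lines, '#' starts a comment, values are
# case-insensitive, and the last failure_action line wins.
audit_failure_action() {
    conf=$1
    action=ignore                 # default when the file or key is missing
    if [ -r "$conf" ]; then
        val=$(sed -e 's/#.*//' "$conf" |
              awk -F= 'tolower($1) ~ /^[ \t]*failure_action[ \t]*$/ {
                           gsub(/[ \t]/, "", $2); v = tolower($2) }
                       END { print v }')
        case $val in
            ignore|log|terminate) action=$val ;;
            "") ;;                # key absent: keep the default
            *) echo "unknown failure_action '$val' in $conf" >&2
               return 2 ;;
        esac
    fi
    echo "$action"
}

# Succeeds only when a failed audit socket open stops the program.
fails_closed_on_open() {
    [ "$(audit_failure_action "$1")" = terminate ]
}
```

Run `fails_closed_on_open /etc/libaudit.conf` on the system under evaluation; a non-zero status means a trusted program would carry on after failing to open the audit socket.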
Will this get marked as NOTABUG? Matt, is this related to the changes you'll
submit to cups?
Yes I think it should be marked as NOTABUG.
I don't have a patch for this and haven't been convinced that we need one.