Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 227889 - [LSPP] CUPS is printing with Audit daemon stopped
Summary: [LSPP] CUPS is printing with Audit daemon stopped
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cups
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Tim Waugh
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2007-02-08 19:48 UTC by Eduardo M. Fleury
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-02-13 21:30:05 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Eduardo M. Fleury 2007-02-08 19:48:20 UTC
Description of problem:
In a certification environment CUPS is expected to print only if the log
subsystem (Audit) is running. This is not happening as of RHEL5 RC 2006-01-26,
installed with LSPP KS v18-1

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1) Make sure you have an USB printer configured and printing properly, if you don't:
lpadmin -p MyPrinter -E -v usb:/dev/usb/lp0 -m postscript.ppd.gz
lpadmin -d MyPrinter

2) Shut down Audit
run_init /etc/init.d/auditd stop

3) Print something

Actual results:
Page is printed and log messages are not kept.

Expected results:
CUPS should detect Audit status and refuse from printing.

Additional info:
This is required for the LSPP certification.

Comment 2 RHEL Product and Program Management 2007-02-09 11:40:33 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for

Comment 3 Linda Knippers 2007-02-09 15:37:47 UTC
Cups can be configured to not start if it can't open open the audit netlink
socket.  Check out /etc/libaudit.conf.  Cups will do whatever action 
is specified there (default is ignore) if the open fails.  However,
it doesn't check that if issuing a specific audit record fails.

We had this discussion a long time ago in the lspp conference calls.
Many trusted programs only issue an audit record after the completion
of an operation so that they can include the results (fail/succeed).
useradd is an example.  If it can't issue an audit record, you get
a syslog record but the operation still completed.

While auditing data exporting is a new requirement for LSPP, the
general behavior of audit and trusted programs isn't new.  If all
trusted programs have to fail to execute if the results can't be
audited then we're got more than just cups to deal with and we'll
have to figure out how to undo operations (if that's possible) that
we couldn't audit.

Comment 5 Klaus Heinrich Kiwi 2007-02-13 17:24:42 UTC
 will this get marked as NOTABUG? Matt, is this related to the changes you'll
submit to cups?

Comment 6 Matt Anderson 2007-02-13 18:04:16 UTC
Yes I think it should be marked as NOTABUG.

I don't have a patch for this and haven't been convinced that we need one.

Note You need to log in before you can comment on or make changes to this bug.