[cups.development] CUPS LSPP patches
mra at hp.com
Tue Aug 14 16:08:30 PDT 2007
CUPS has a history of being used in sensitive environments, and with the
recent HP/IBM/Redhat evaluation CUPS was used to meet the requirements
of LSPP at EAL4+. The three previous STRs contain the additional code
needed for that evaluation.
SELinux support - str2474
Auditing support - str2475
Labeled Banner support - str2476
The patches included along with those feature requests are intended to
all be applied over cups-1.3.0.
This work could not have been completed without contributions from
TCS/HP/IBM/Redhat, and of course this list, building upon an already
great CUPS framework.
There are somethings not addressed with these patches:
- A significantly complex SELinux context could extend beyond the width
of the page causing information to be lost in the printed label. For
our evaluation I had another patch for WriteLabelProlog() in
filter/common.c which broke long labels up over multiple lines.
- Another issue was we had to disable the ability for users to supply a
page-label option. We also heard from customers that they sometimes
need to set page-label to something like "Training" so I'd like to
propose a patch which allows an administrator to force page-label to a
certain value for a given printer.
- FileDevices are not supported in this SELinux patch, that should be added.
I would hope that all these features could be included in CUPS, but I am
not tied to how they are currently implemented. If there are better
ways to do things I am all for that, as long as the final result is
something that could still be used to meet the requirements of the LSPP.
More information about the cups-devel