[cups.development] CUPS LSPP patches

Matt Anderson mra at hp.com
Tue Aug 14 16:08:30 PDT 2007


CUPS has a history of being used in sensitive environments, and with the
recent HP/IBM/Redhat evaluation CUPS was used to meet the requirements
of LSPP at EAL4+.  The three previous STRs contain the additional code
needed for that evaluation.

SELinux support - str2474
Auditing support - str2475
Labeled Banner support - str2476

The patches included along with those feature requests are intended to
all be applied over cups-1.3.0.

This work could not have been completed without contributions from
TCS/HP/IBM/Redhat, and of course this list, building upon an already
great CUPS framework.

There are somethings not addressed with these patches:

- A significantly complex SELinux context could extend beyond the width
of the page causing information to be lost in the printed label.  For
our evaluation I had another patch for WriteLabelProlog() in
filter/common.c which broke long labels up over multiple lines.

- Another issue was we had to disable the ability for users to supply a
page-label option.  We also heard from customers that they sometimes
need to set page-label to something like "Training" so I'd like to
propose a patch which allows an administrator to force page-label to a
certain value for a given printer.

- FileDevices are not supported in this SELinux patch, that should be added.


I would hope that all these features could be included in CUPS, but I am
not tied to how they are currently implemented.  If there are better
ways to do things I am all for that, as long as the final result is
something that could still be used to meet the requirements of the LSPP.

-matt





More information about the cups mailing list