[redhat-lspp] printing

Matt Anderson mra at hp.com
Mon Nov 7 14:10:36 UTC 2005


Gene Czarcinski wrote:
> 1.  Will I be able to run multiple copies of cups for different printers 
> (e.g., a secret cups and a secret:moonbeam cups) or will a single cups daemon 
> handle multiple printers?  I prefer multiple cups since then I do not need to 
> trust the cups code to do the right thing.

Yes, multiple copies of cups can still be run concurrently; a single
daemon will still handle multiple printers.  Which printers are attached
to a given listening cups server is up to the admin.  In the end it will
be up to SELinux to "do the right thing" since that is where the label
range check is made.

> 2.  Will there be a banner page which says (more or less), everything which 
> follows will be "sensitivity label" or below since it is perfectly OK to 
> print an unclassified file on a secret printer.

Currently the banner has some variation on s0-s9:c0.c127, which is the
level and compartment range of the process which submitted the print job.

> 3.  Is the intent really to put the sensitivity label (level plus any 
> categories) at the top/bottom of each page of output?  What happens when I am 
> printing an openoffice.org document which may have such marking already?

The intent is to have a config file option which allows an admin to have
the server add the label to the output.  This could then be bypassed by
an lpr runtime option which allows a submitted job to request that the
banners not be generated.  The admin can choose to force the label and
disallow the override, or not, based on their needs.

> 4.  How will the sensitivity label:category assigned to a file be sent to a 
> printer from an application such as openoffice.org (or a2ps for that matter)?

As long as the application ended up exec()'ing lpr to print its output
lpr would connect over a local unix socket to the spooler.  The spooler
will use getpeercon() to get the context of the lpr process and use that
label.  There is ongoing discussion about if the label attached to the
file is better, but there is no clear way to send that data to the
server while protecting the label integrity.

> 5. One thought that occurs to me is to have a separate queue for each 
> sensitivity and/or category that a printer can handle.  This could work but 
> seems a bit kludgy to me.

Theoretically you only need one queue and leave the rest to SELinux, but
you could have multiple queues like you asked for in Question 1.

-matt
