On Friday 09 February 2007 11:46, Linda Knippers wrote: > I updated the bugzilla to explain why and to point out that lots of > trusted programs issue audit records at the completion of some operation > (they include the results in the audit record) and don't undo the operation > if issuing the audit record fails.
They should all open the audit socket before performing that operation. They could call audit_status and see if the audit daemon is registered. But you would have to have a command line option to tell the program that it should treat the absence of an audit daemon in a way as to deny the requested action. Not all users want this behavior. > We could certainly change cupsd to fail to queue a job or to cancel a job if > it can't be audited but what about the other programs? The should all be fixed to do that I suppose. I can add a function to libaudit that does the status check and returns yes or no if the audit daemon is registered. Would this help? -Steve -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
