From db70a37621d32d188a344f7002a207ffa7ef40a7 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Tue, 22 Feb 2011 03:47:03 -0800 Subject: [PATCH] Update x conflict failure message Output a better failure message when a conflict of x permissions cause policy compilation to fail. We don't have enough information available to output which rules during the dfa compilation so just improve the message to let people know that it means there are conflicting x modifiers in the rules. Signed-off-by: John Johansen --- parser/immunix.h | 4 ++-- parser/libapparmor_re/regexp.y | 3 +++ parser/parser_merge.c | 5 +++-- parser/po/subdomain_parser.pot | 4 +++- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/parser/immunix.h b/parser/immunix.h index 0d1729f44..72446fc7f 100644 --- a/parser/immunix.h +++ b/parser/immunix.h @@ -150,12 +150,12 @@ static inline int is_merged_x_consistent(int a, int b) { if ((a & AA_USER_EXEC) && (b & AA_USER_EXEC) && ((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE))) -{ fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b); + { //fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b); return 0; } if ((a & AA_OTHER_EXEC) && (b & AA_OTHER_EXEC) && ((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE))) -{ fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b); + { //fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b); return 0; } return 1; diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y index c07b1cfc0..ba51f1f81 100644 --- a/parser/libapparmor_re/regexp.y +++ b/parser/libapparmor_re/regexp.y @@ -2823,6 +2823,9 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error) //if (perms & AA_CHANGE_HAT) // fprintf(stderr, "change_hat 0x%x\n", perms); + if (*error) + PERROR(_("profile has merged rule with conflicting x modifiers\n")); + return perms; } diff --git a/parser/parser_merge.c b/parser/parser_merge.c index cc6ffb18b..b47f96258 100644 --- a/parser/parser_merge.c 
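Review bot: Both `fprintf` calls in is_merged_x_consistent are commented out rather than deleted, leaving `{ //fprintf(stderr, ...` as dead code in a static inline helper that lives in a header. I would delete the two lines outright so each conflict branch is just `return 0;`, and add a short comment above the function such as `/* returns 0 when a and b both grant exec but with different exec types; callers report the error */`. That records that this permission check is now silent by design and that reporting is the caller's job. The function's signature and closing brace lie outside the hunk.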
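Review bot: The added `if (*error)` in accept_perms dereferences the `error` out-parameter without a NULL check. Whether callers may pass NULL is not visible here, because the function body starts outside the hunk, so either guard it as `if (error && *error)` or document that `error` must be non-NULL. The message names no profile or rule, which the commit description explains; a comment such as `/* rule names are not available during dfa compilation */` above the PERROR would keep that rationale with the code. It is also worth confirming that callers which already report a failed `*error` do not now print a second message for the same conflict.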
+++ b/parser/parser_merge.c @@ -108,8 +108,9 @@ static int process_file_entries(struct codomain *cod) if (file_comp(&cur, &next) == 0) { /* check for merged x consistency */ if (!is_merged_x_consistent(cur->mode, next->mode)) { - PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"), - cod->name, cur->name); + PERROR(_("profile %s: has merged rule %s with " + "conflicting x modifiers\n", + cod->name, cur->name); return 0; } //if (next->audit) diff --git a/parser/po/subdomain_parser.pot b/parser/po/subdomain_parser.pot index 6fa13fcf3..90d5fc2fe 100644 --- a/parser/po/subdomain_parser.pot +++ b/parser/po/subdomain_parser.pot @@ -149,9 +149,11 @@ msgstr "" msgid "Couldn't merge entries. Out of Memory\n" msgstr "" +#. Changed multiple -> conflicting to better reflect that the error is +#. caused when two or more x modifiers are of a conflicting type #: ../parser_merge.c:77 #, c-format -msgid "profile %s: has merged rule %s with multiple x modifiers\n" +msgid "profile %s: has merged rule %s with conflicting x modifiers\n" msgstr "" #: ../parser_merge.c:140
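Review bot: The rewritten PERROR call in process_file_entries drops the `)` that closed the `_(` gettext wrapper, so the parentheses are unbalanced and parser_merge.c should not compile as written. The format string was split across two lines, but the wrapper is never closed before the arguments. The second string line should read `"conflicting x modifiers\n"),`, which leaves `cod->name, cur->name);` as PERROR's arguments rather than the translation macro's. process_file_entries starts and ends outside the hunk.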