Update x conflict failure message

Output a better failure message when a conflict of x permissions cause policy compilation to fail. We don't have enough information available to output which rules during the dfa compilation so just improve the message to let people know that it means there are conflicting x modifiers in the rules. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-22 18:17:09 +00:00 · 2011-02-22 03:47:03 -08:00 · 2011-02-22 03:47:03 -08:00 · db70a37621
commit db70a37621
parent b8be715227
4 changed files with 11 additions and 5 deletions
--- a/parser/immunix.h
+++ b/parser/immunix.h
@ -150,12 +150,12 @@ static inline int is_merged_x_consistent(int a, int b)
 {
 	if ((a & AA_USER_EXEC) && (b & AA_USER_EXEC) &&
 	    ((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE)))
-{ fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
+	  { //fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
 		return 0;
 }
 	if ((a & AA_OTHER_EXEC) && (b & AA_OTHER_EXEC) &&
 	    ((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE)))
-{ fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
+	  { //fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
 		return 0;
 }
 	return 1;
--- a/parser/libapparmor_re/regexp.y
+++ b/parser/libapparmor_re/regexp.y
@ -2823,6 +2823,9 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
 //if (perms & AA_CHANGE_HAT)
 //     fprintf(stderr, "change_hat 0x%x\n", perms);

+    if (*error)
+	    PERROR(_("profile has merged rule with conflicting x modifiers\n"));
+
    return perms;
 }

--- a/parser/parser_merge.c
+++ b/parser/parser_merge.c
@ -108,8 +108,9 @@ static int process_file_entries(struct codomain *cod)
 		if (file_comp(&cur, &next) == 0) {
 			/* check for merged x consistency */
 			if (!is_merged_x_consistent(cur->mode, next->mode)) {
-				PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),
-				       cod->name, cur->name);
+				PERROR(_("profile %s: has merged rule %s with "
+					 "conflicting x modifiers\n",
+					 cod->name, cur->name);
 				return 0;
 			}
 //if (next->audit)
--- a/parser/po/subdomain_parser.pot
+++ b/parser/po/subdomain_parser.pot
@ -149,9 +149,11 @@ msgstr ""
 msgid "Couldn't merge entries. Out of Memory\n"
 msgstr ""

+#. Changed multiple -> conflicting to better reflect that the error is
+#. caused when two or more x modifiers are of a conflicting type
 #: ../parser_merge.c:77
 #, c-format
-msgid "profile %s: has merged rule %s with multiple x modifiers\n"
+msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
 msgstr ""

 #: ../parser_merge.c:140