Commit db70a376 authored by John Johansen's avatar John Johansen

Update x conflict failure message

Output a better failure message when a conflict of x permissions cause
policy compilation to fail.  We don't have enough information available
to output which rules during the dfa compilation so just improve the
message to let people know that it means there are conflicting x modifiers
in the rules.
Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
parent b8be7152
......@@ -150,12 +150,12 @@ static inline int is_merged_x_consistent(int a, int b)
{
if ((a & AA_USER_EXEC) && (b & AA_USER_EXEC) &&
((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE)))
{ fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
{ //fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
return 0;
}
if ((a & AA_OTHER_EXEC) && (b & AA_OTHER_EXEC) &&
((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE)))
{ fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
{ //fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
return 0;
}
return 1;
......
......@@ -2823,6 +2823,9 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
//if (perms & AA_CHANGE_HAT)
// fprintf(stderr, "change_hat 0x%x\n", perms);
if (*error)
PERROR(_("profile has merged rule with conflicting x modifiers\n"));
return perms;
}
......
......@@ -108,8 +108,9 @@ static int process_file_entries(struct codomain *cod)
if (file_comp(&cur, &next) == 0) {
/* check for merged x consistency */
if (!is_merged_x_consistent(cur->mode, next->mode)) {
PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),
cod->name, cur->name);
PERROR(_("profile %s: has merged rule %s with "
"conflicting x modifiers\n",
cod->name, cur->name);
return 0;
}
//if (next->audit)
......
......@@ -149,9 +149,11 @@ msgstr ""
msgid "Couldn't merge entries. Out of Memory\n"
msgstr ""
#. Changed multiple -> conflicting to better reflect that the error is
#. caused when two or more x modifiers are of a conflicting type
#: ../parser_merge.c:77
#, c-format
msgid "profile %s: has merged rule %s with multiple x modifiers\n"
msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
msgstr ""
#: ../parser_merge.c:140
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment