[apparmor] [PATCH 1/6] Update x conflict failure message

Fri Feb 18 01:51:02 UTC 2011

Looks incomplete, details below.

On Thu, Feb 17, 2011 at 5:22 PM, John Johansen
<john.johansen at canonical.com> wrote:
> Output a better failure message when a conflict of x permissions cause
> policy compilation to fail.  We don't have enough information available
> to output which rules during the dfa compilation so just improve the
> message to let people know that it means there are conflicting x modifiers
> in the rules.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  parser/immunix.h               |    4 ++--
>  parser/libapparmor_re/regexp.y |    3 +++
>  parser/parser_merge.c          |    2 +-
>  3 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/parser/immunix.h b/parser/immunix.h
> index 0d1729f..72446fc 100644
> --- a/parser/immunix.h
> +++ b/parser/immunix.h
> @@ -150,12 +150,12 @@ static inline int is_merged_x_consistent(int a, int b)
>  {
>        if ((a & AA_USER_EXEC) && (b & AA_USER_EXEC) &&
>            ((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE)))
> -{ fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
> +         { //fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
>                return 0;
>  }
>        if ((a & AA_OTHER_EXEC) && (b & AA_OTHER_EXEC) &&
>            ((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE)))
> -{ fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
> +         { //fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
>                return 0;
>  }
>        return 1;
> diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y
> index c07b1cf..e0b47b2 100644
> --- a/parser/libapparmor_re/regexp.y
> +++ b/parser/libapparmor_re/regexp.y
> @@ -2823,6 +2823,9 @@ uint32_t accept_perms(NodeSet *state, uint32_t *audit_ctl, int *error)
>  //if (perms & AA_CHANGE_HAT)
>  //     fprintf(stderr, "change_hat 0x%x\n", perms);
>
> +    if (*error)
> +           PERROR(_("profile has merged rule %s with conflicting x modifiers\n"));

There's a %s but no corresponding argument.

> +
>     return perms;
>  }
>
> diff --git a/parser/parser_merge.c b/parser/parser_merge.c
> index cc6ffb1..7044bfc 100644
> --- a/parser/parser_merge.c
> +++ b/parser/parser_merge.c
> @@ -108,7 +108,7 @@ static int process_file_entries(struct codomain *cod)
>                if (file_comp(&cur, &next) == 0) {
>                        /* check for merged x consistency */
>                        if (!is_merged_x_consistent(cur->mode, next->mode)) {
> -                               PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),
> +                               PERROR(_("profile %s: has merged rule %s with conflicting x modifiers\n"),

This one looks better, but the translations probably need a
s/multiple/conflicting/ -- maybe with a note to translators, too?

>                                       cod->name, cur->name);
>                                return 0;
>                        }
> --
> 1.7.1
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>