From bfb806120a0c973ba89f9070d499510216eb8409 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 20 Feb 2014 14:20:20 -0500
Subject: [PATCH] Prevent incompatible option combinations.

checkmodule -m and -b are fundamentally incompatible with each other,
so reject attempts to use them together.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1064603

Also fix the error message for -m with -U to use stderr.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 checkpolicy/checkmodule.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index 41ebab50..f25bc285 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -224,8 +224,12 @@ int main(int argc, char **argv)
 	}
 
 	if (handle_unknown && (policy_type != POLICY_BASE)) {
-		printf("Handling of unknown classes and permissions is only ");
-		printf("valid in the base module\n");
+		fprintf(stderr, "%s:  Handling of unknown classes and permissions is only valid in the base module.\n", argv[0]);
+		exit(1);
+	}
+
+	if (binary && (policy_type != POLICY_BASE)) {
+		fprintf(stderr, "%s:  -b and -m are incompatible with each other.\n", argv[0]);
 		exit(1);
 	}