in rule/flags/flags.go [141:201]
func (r *ruleFlagSet) validate() error {
var (
deleteAll uint8
fileWatch uint8
syscall uint8
)
r.flagSet.Visit(func(f *flag.Flag) {
switch f.Name {
case "D":
deleteAll = 1
case "w", "p":
fileWatch = 1
case "a", "A", "C", "F", "S":
syscall = 1
}
})
// Test for mutual exclusivity.
switch deleteAll + fileWatch + syscall {
case 0:
return errors.New("missing an operation flag (add or delete rule)")
case 1:
switch {
case deleteAll > 0:
r.Type = rule.DeleteAllRuleType
case fileWatch > 0:
r.Type = rule.FileWatchRuleType
case syscall > 0:
r.Type = rule.AppendSyscallRuleType
}
default:
ops := make([]string, 0, 3)
if deleteAll > 0 {
ops = append(ops, "delete all [-D]")
}
if fileWatch > 0 {
ops = append(ops, "file watch [-w|-p]")
}
if syscall > 0 {
ops = append(ops, "audit rule [-a|-A|-S|-C|-F]")
}
return fmt.Errorf("mutually exclusive flags uses together (%v)",
strings.Join(ops, " and "))
}
if syscall > 0 {
var zero addFlag
if r.Prepend == zero && r.Append == zero {
return errors.New("audit rules must specify either [-A] or [-a]")
}
if r.Prepend != zero && r.Append != zero {
return fmt.Errorf("audit rules cannot specify both [-A] and [-a]")
}
if r.Prepend != zero {
r.Type = rule.PrependSyscallRuleType
}
}
return nil
}