Merge parser: Remove check for root to run parser

The check isn't correct, it should be checking for capability
MAC_ADMIN, but in the future that won't be correct either. Instead
rely on the kernel to check permission to load policy, which it alread
does as it is possible to by-pass the parser to load policy.

Also improve the error message when the kernel does deny
loading policy due to failed permission checks.

Signed-off-by: John Johansen <john.johansen@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1044
Approved-by: Seth Arnold <seth.arnold@gmail.com>
Merged-by: John Johansen <john@jjmx.net>

parser/parser_interface.c

@@ -51,9 +51,6 @@ static void print_error(int error)
 	case -ESPIPE:
 		PERROR(_("Bad write position\n"));
 		break;
-	case -EPERM:
-		PERROR(_("Permission denied\n"));
-		break;
 	case -ENOMEM:
 		PERROR(_("Out of memory\n"));
 		break;
@@ -75,8 +72,13 @@ static void print_error(int error)
 	case -ENOENT:
 		PERROR(_("Profile doesn't exist\n"));
 		break;
+	case -EPERM:
+		PERROR(_("%s: Permission denied. You need policy admin privileges to manage profiles.\n\n"),
+		       progname);
+		break;
 	case -EACCES:
-		PERROR(_("Permission denied; attempted to load a profile while confined?\n"));
+		PERROR(_("%s: Access denied. You need policy admin privileges to manage profiles.\n\n"),
+		       progname);
 		break;
 	default:
 		PERROR(_("Unknown error (%d): %s\n"), -error, strerror(-error));

parser/parser_main.c

@@ -855,12 +855,6 @@ int have_enough_privilege(void)
 	uid = getuid();
 	euid = geteuid();
 
-	if (uid != 0 && euid != 0) {
-		PERROR(_("%s: Sorry. You need root privileges to run this program.\n\n"),
-		       progname);
-		return EPERM;
-	}
-
 	if (uid != 0 && euid == 0) {
 		PERROR(_("%s: Warning! You've set this program setuid root.\n"
 			 "Anybody who can run this program can update "