diff --git a/apparmor.vim b/apparmor.vim
index f8bfdbe..4c56b1e 100644
--- a/apparmor.vim
+++ b/apparmor.vim
@@ -3,20 +3,20 @@
 " ----------------------------------------------------------------------
 "    Copyright (c) 2005 Novell, Inc. All Rights Reserved.
 "    Copyright (c) 2006-2011 Christian Boltz. All Rights Reserved.
-"      
+"
 "    This program is free software; you can redistribute it and/or
 "    modify it under the terms of version 2 of the GNU General Public
 "    License as published by the Free Software Foundation.
-"      
+"
 "    This program is distributed in the hope that it will be useful,
 "    but WITHOUT ANY WARRANTY; without even the implied warranty of
 "    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 "    GNU General Public License for more details.
-"      
+"
 "    You should have received a copy of the GNU General Public License
 "    along with this program; if not, contact Novell, Inc.
-"      
-"    To contact Novell about this file by physical or electronic mail, 
+"
+"    To contact Novell about this file by physical or electronic mail,
 "    you may find current contact information at www.novell.com.
 "
 "    To contact Christian Boltz about this file by physical or electronic
@@ -26,7 +26,7 @@
 "    to suse-beta[AT]cboltz.de (replace [AT] with @).
 " ----------------------------------------------------------------------
 "
-" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc 
+" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
 " to have vim automagically use this syntax file for these directories:
 "
 " autocmd BufNewFile,BufRead /etc/apparmor.d/*        set syntax=apparmor
@@ -70,7 +70,7 @@ syntax case match
 	hi def link sdEntryK Normal
 	hi def link sdFlags Normal
 	hi sdEntryChangeProfile     ctermfg=darkgreen cterm=underline
-"else 
+"else
 " dark background
 "	hi sdProfileName ctermfg=white
 "	hi sdHatName ctermfg=white
@@ -128,23 +128,22 @@ syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntr
 " Capability line
 
 " normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
-syn keyword  sdCapKey          chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config syslog mknod lease
+syn keyword  sdCapKey          chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_broadcast net_raw setfcap setgid setpcap setuid syslog sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_resource sys_time sys_tty_config wake_alarm
 
 " dangerous capabilities - highlighted separately
 syn keyword sdCapDanger	       audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio
 
 " full line. Keywords are from sdCapKey + sdCapDanger
-syn match  sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" set capability was removed - TODO: remove everywhere in apparmor.vim
-" syn match  sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
+syn match  sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(audit_control|audit_write|chown|dac_override|dac_read_search|fowner|fsetid|ipc_lock|ipc_owner|kill|lease|linux_immutable|mac_admin|mac_override|mknod|net_admin|net_bind_service|net_broadcast|net_raw|setfcap|setgid|setpcap|setuid|syslog|sys_admin|sys_boot|sys_chroot|sys_module|sys_nice|sys_pacct|sys_ptrace|sys_rawio|sys_resource|sys_time|sys_tty_config|wake_alarm)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" all capabilities ('capability' without any keyword)
+syn match  sdCapDanger /\v^\s*(audit\s+)?(deny\s+)?capability\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 
 " Network line
 " Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
 " TODO: 'owner' isn't supported, but will be (JJ, 2011-01-11)
-syn match  sdNetwork         /\v^\s*(audit\s+)?(deny\s+)?network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+syn match  sdNetwork         /\v^\s*(audit\s+)?(deny\s+)?network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 " network rules containing 'raw'
-syn match  sdNetworkDanger         /\v^\s*(audit\s+)?(deny\s+)?network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+syn match  sdNetworkDanger         /\v^\s*(audit\s+)?(deny\s+)?network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(raw))(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 " 'all networking' includes raw -> mark as dangerous
 syn match  sdNetworkDanger         /\v^\s*(audit\s+)?(deny\s+)?network\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 
@@ -215,11 +214,11 @@ syn match sdExtHat  /\v^\s+(\^|profile\s+)\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=s
 
 
 syn match sdProfileName /\v^((profile\s+)?\/\S+|profile\s+([a-zA-Z0-9]\S*\s)?\S+)\s+((flags\s*\=\s*)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags,sdComment,sdGlob
-syn match sdProfileStart /{/ contained 
+syn match sdProfileStart /{/ contained
 syn match sdProfileEnd /^}\s*(#.*)?$/ contained " TODO: syn region does not (yet?) allow usage of comment in end=
                                                 " TODO: Removing the $ mark from end= will allow non-comments also :-(
 syn match sdHatName /\v^\s+(\^|profile\s+)\S+\s+((flags\s*\=\s*)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ contains=sdProfileStart,sdFlags,sdComment
-syn match sdHatStart /{/ contained 
+syn match sdHatStart /{/ contained
 syn match sdHatEnd /}/ contained " TODO: allow comments + [same as for syn match sdProfileEnd]
 syn match sdFlags /\v((flags\s*\=\s*)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)/ contained contains=sdFlagKey
 
diff --git a/vim.changes b/vim.changes
index cf77b1c..ae48113 100644
--- a/vim.changes
+++ b/vim.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Jun 17 21:47:35 UTC 2012 - opensuse@cboltz.de
+
+- update apparmor.vim (taken from AppArmor 2.8)
+  * update list of capabilities and network protocols
+
 -------------------------------------------------------------------
 Mon Jun  4 20:16:11 UTC 2012 - seife+obs@b1-systems.com