Accepting request 79276 from home:cboltz:branches:editors
- apparmor.vim update - allow pux and PUx rules - add some new capabilities - fix pattern for variable names (allow numbers, except for first char) - apparmor.vim generated from AppArmor trunk aka 2.7 beta Please forward this SR to Factory. OBS-URL: https://build.opensuse.org/request/show/79276 OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=52
parent
c805991245
commit
74fb68eb75
19
apparmor.vim
19
apparmor.vim
@ -1,4 +1,4 @@
|
|||||||
" $Id: apparmor.vim,v 1.11 2011/01/31 22:48:07 cb Exp $
|
" $Id: apparmor.vim.in,v 1.11 2011/03/28 11:23:13 cb Exp $
|
||||||
"
|
"
|
||||||
" ----------------------------------------------------------------------
|
" ----------------------------------------------------------------------
|
||||||
" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
|
" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
|
||||||
@ -113,7 +113,7 @@ syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as er
|
|||||||
" This allows incorrect lines also and should be checked better.
|
" This allows incorrect lines also and should be checked better.
|
||||||
" This also (accidently ;-) includes variable definitions (@{FOO}=/bar)
|
" This also (accidently ;-) includes variable definitions (@{FOO}=/bar)
|
||||||
" TODO: make a separate pattern for variable definitions, then mark sdGlob as contained
|
" TODO: make a separate pattern for variable definitions, then mark sdGlob as contained
|
||||||
syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z_]*\}/
|
syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z][a-zA-Z0-9_]*\}/
|
||||||
|
|
||||||
syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
|
syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
|
||||||
|
|
||||||
@ -128,15 +128,15 @@ syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntr
|
|||||||
" Capability line
|
" Capability line
|
||||||
|
|
||||||
" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
|
" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
|
||||||
syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
|
syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config syslog mknod lease
|
||||||
|
|
||||||
" dangerous capabilities - highlighted separately
|
" dangerous capabilities - highlighted separately
|
||||||
syn keyword sdCapDanger sys_admin audit_control audit_write set_fcap mac_override mac_admin
|
syn keyword sdCapDanger audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio
|
||||||
|
|
||||||
" full line. Keywords are from sdCapKey + sdCapDanger
|
" full line. Keywords are from sdCapKey + sdCapDanger
|
||||||
syn match sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
syn match sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
" set capability was removed - TODO: remove everywhere in apparmor.vim
|
" set capability was removed - TODO: remove everywhere in apparmor.vim
|
||||||
" syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
" syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
|
|
||||||
|
|
||||||
" Network line
|
" Network line
|
||||||
@ -176,9 +176,10 @@ syn match sdEntryW /\v^\s+(audit\s+)?(deny\s+)?(owner\s+)?link\s+(subset\s+)?(\/
|
|||||||
syn match sdEntryWriteExec /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
syn match sdEntryWriteExec /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
|
|
||||||
" ux(mr) - unconstrained entry, flag the line red
|
" ux(mr) - unconstrained entry, flag the line red
|
||||||
syn match sdEntryUX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
" also includes pux which is unconstrained if no profile exists
|
||||||
" Ux(mr) - like ux + clean environment
|
syn match sdEntryUX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|ux|pux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
syn match sdEntryUXe /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
" Ux(mr) and PUx(mr) - like ux + clean environment
|
||||||
|
syn match sdEntryUXe /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|Ux|PUx)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
" px/cx/pix/cix(mrk) - standard exec entry, flag the line blue
|
" px/cx/pix/cix(mrk) - standard exec entry, flag the line blue
|
||||||
syn match sdEntryPX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
syn match sdEntryPX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
|
||||||
" Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment
|
" Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment
|
||||||
|
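Review bot: The `sdEntryWriteExec` pattern in the last apparmor.vim hunk still uses the exec alternation `[iuUpPcC]x`, so the `pux`/`PUx` modes this commit adds to `sdEntryUX` and `sdEntryUXe` are not matched when the same rule also grants `w`, `a` or `l`. A rule that combines write access with a possibly unconfined exec fallback is the case a profile reviewer most needs to see flagged, and it would presumably fall through to `sdError` rather than the write+exec highlight. I would extend the group to `(l|r|w|a|m|k|[iuUpPcC]x|pux|PUx)+`. If the parser in this AppArmor release also accepts `cux`/`CUx`, they raise the same unconfined-fallback concern and appear to be covered by none of the visible patterns, which is worth confirming.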
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 18 23:30:06 UTC 2011 - opensuse@cboltz.de
|
||||||
|
|
||||||
|
- apparmor.vim update
|
||||||
|
- allow pux and PUx rules
|
||||||
|
- add some new capabilities
|
||||||
|
- fix pattern for variable names (allow numbers, except for first char)
|
||||||
|
- apparmor.vim generated from AppArmor trunk aka 2.7 beta
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 4 11:54:55 UTC 2011 - idonmez@novell.com
|
Thu Aug 4 11:54:55 UTC 2011 - idonmez@novell.com
|
||||||
|
|
||||||
|