From c80599124528fde8d391ef799e2f44d58f4ab6de9aed2f5c1cd22ea51be3188f Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 4 Aug 2011 12:51:32 +0000 Subject: [PATCH 1/2] Updating link to change in openSUSE:Factory/vim revision 63.0 OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=0d1ce7a3fc7a894bd69f9dd208a70128 --- vim.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vim.spec b/vim.spec index 447c584..12394c4 100644 --- a/vim.spec +++ b/vim.spec @@ -19,7 +19,7 @@ Name: vim Version: 7.3 -Release: 9 +Release: 12 License: Vim Group: Productivity/Editors/Vi BuildRequires: db-devel From 74fb68eb75ccc5a725be5c19f565e812328aaa0d200ecd86b6db90f537a73ff6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Fri, 19 Aug 2011 06:36:54 +0000 Subject: [PATCH 2/2] Accepting request 79276 from home:cboltz:branches:editors - apparmor.vim update - allow pux and PUx rules - add some new capabilities - fix pattern for variable names (allow numbers, except for first char) - apparmor.vim generated from AppArmor trunk aka 2.7 beta Please forward this SR to Factory. OBS-URL: https://build.opensuse.org/request/show/79276 OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=52 --- apparmor.vim | 19 ++++++++++--------- vim.changes | 9 +++++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/apparmor.vim b/apparmor.vim index ebfaebf..fa5c501 100644 --- a/apparmor.vim +++ b/apparmor.vim @@ -1,4 +1,4 @@ -" $Id: apparmor.vim,v 1.11 2011/01/31 22:48:07 cb Exp $ +" $Id: apparmor.vim.in,v 1.11 2011/03/28 11:23:13 cb Exp $ " " ---------------------------------------------------------------------- " Copyright (c) 2005 Novell, Inc. All Rights Reserved. @@ -113,7 +113,7 @@ syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as er " This allows incorrect lines also and should be checked better. " This also (accidently ;-) includes variable definitions (@{FOO}=/bar) " TODO: make a separate pattern for variable definitions, then mark sdGlob as contained -syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z_]*\}/ +syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z][a-zA-Z0-9_]*\}/ syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob @@ -128,15 +128,15 @@ syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntr " Capability line " normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining) -syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease +syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config syslog mknod lease " dangerous capabilities - highlighted separately -syn keyword sdCapDanger sys_admin audit_control audit_write set_fcap mac_override mac_admin +syn keyword sdCapDanger audit_control audit_write mac_override mac_admin set_fcap sys_admin sys_module sys_rawio " full line. Keywords are from sdCapKey + sdCapDanger -syn match sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude +syn match sdCap /\v^\s*(audit\s+)?(deny\s+)?capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude " set capability was removed - TODO: remove everywhere in apparmor.vim -" syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude +" syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|syslog|mknod|lease|audit_control|audit_write|mac_override|mac_admin|set_fcap|sys_admin|sys_module|sys_rawio)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude " Network line @@ -176,9 +176,10 @@ syn match sdEntryW /\v^\s+(audit\s+)?(deny\s+)?(owner\s+)?link\s+(subset\s+)?(\/ syn match sdEntryWriteExec /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude " ux(mr) - unconstrained entry, flag the line red -syn match sdEntryUX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude -" Ux(mr) - like ux + clean environment -syn match sdEntryUXe /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude +" also includes pux which is unconstrained if no profile exists +syn match sdEntryUX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|ux|pux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude +" Ux(mr) and PUx(mr) - like ux + clean environment +syn match sdEntryUXe /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|Ux|PUx)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude " px/cx/pix/cix(mrk) - standard exec entry, flag the line blue syn match sdEntryPX /\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude " Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment diff --git a/vim.changes b/vim.changes index 06c074b..15d7717 100644 --- a/vim.changes +++ b/vim.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Aug 18 23:30:06 UTC 2011 - opensuse@cboltz.de + +- apparmor.vim update + - allow pux and PUx rules + - add some new capabilities + - fix pattern for variable names (allow numbers, except for first char) + - apparmor.vim generated from AppArmor trunk aka 2.7 beta + ------------------------------------------------------------------- Thu Aug 4 11:54:55 UTC 2011 - idonmez@novell.com