committed by
Git OBS Bridge
parent
fb993d5f25
commit
9ec0b7d52a
170
apparmor.vim
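--- a/apparmor.vim
+++ b/apparmor.vim
@@ -1,170 +0,0 @@
-" $Id$
-"
-" ----------------------------------------------------------------------
-" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-" Copyright (c) 2006 Christian Boltz. All Rights Reserved.
-"
-" This program is free software; you can redistribute it and/or
-" modify it under the terms of version 2 of the GNU General Public
-" License as published by the Free Software Foundation.
-"
-" This program is distributed in the hope that it will be useful,
-" but WITHOUT ANY WARRANTY; without even the implied warranty of
-" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-" GNU General Public License for more details.
-"
-" You should have received a copy of the GNU General Public License
-" along with this program; if not, contact Novell, Inc.
-"
-" To contact Novell about this file by physical or electronic mail,
-" you may find current contact information at www.novell.com.
-"
-" To contact Christian Boltz about this file by physical or electronic
-" mail, you may find current contact information at www.cboltz.de.
-" ----------------------------------------------------------------------
-"
-" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
-" to have vim automagically use this syntax file for these directories:
-"
-" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor
-" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor
-
-
-" color setup...
-
-" adjust colors according to the background
-
-" switching colors depending on the background color doesn't work
-" unfortunately, so we use colors that work with light and dark background.
-" Patches welcome ;-)
-
-"if &background == "light"
-" light background
-hi sdProfileName ctermfg=lightblue
-hi sdHatName ctermfg=darkblue
-hi sdGlob ctermfg=darkmagenta
-hi sdEntryWriteExec ctermfg=black ctermbg=yellow
-hi sdEntryUX ctermfg=darkred cterm=underline
-hi sdEntryCUX ctermfg=darkred
-hi sdEntryIX ctermfg=darkcyan
-hi sdEntryM ctermfg=darkcyan
-hi sdEntryPX ctermfg=darkgreen cterm=underline
-hi sdEntryCPX ctermfg=darkgreen
-hi sdEntryW ctermfg=darkyellow
-hi sdCap ctermfg=lightblue
-hi sdNetwork ctermfg=lightblue
-hi sdNetworkDanger ctermfg=darkred
-hi sdCapKey cterm=underline ctermfg=lightblue
-hi sdCapDanger ctermfg=darkred
-hi def link sdEntryR Normal
-hi def link sdEntryK Normal
-hi def link sdFlags Normal
-hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline
-"else
-" dark background
-" hi sdProfileName ctermfg=white
-" hi sdHatName ctermfg=white
-" hi sdGlob ctermfg=magenta
-" hi sdEntryWriteExec ctermfg=black ctermbg=yellow
-" hi sdEntryUX ctermfg=red cterm=underline
-" hi sdEntryCUX ctermfg=red
-" hi sdEntryIX ctermfg=cyan
-" hi sdEntryM ctermfg=cyan
-" hi sdEntryPX ctermfg=green cterm=underline
-" hi sdEntryCPX ctermfg=green
-" hi sdEntryW ctermfg=yellow
-" hi sdCap ctermfg=lightblue
-" hi sdCapKey cterm=underline ctermfg=lightblue
-" hi def link sdEntryR Normal
-" hi def link sdFlags Normal
-" hi sdCapDanger ctermfg=red
-"endif
-
-hi def link sdInclude Include
-high def link sdComment Comment
-high def link sdFlagKey TODO
-high def link sdError ErrorMsg
-
-
-" always sync from the start. should be relatively quick since we don't have
-" that many rules and profiles shouldn't be _extremely_ large...
-syn sync fromstart
-
-syn keyword sdFlagKey complain audit debug
-
-" highlight some invalid syntax
-"syn match sdError /\v.+$/ " causes false positives on '}' :-(
-syn match sdError /{/ contained
-syn match sdError /}/
-syn match sdError /^.*$/ "highlight all non-valid lines as error
-
-syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z]*\}/
-
-syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryCPX,sdEntryUX,sdEntryCUX,sdEntryM,sdCap
-
-
-" Capability line
-syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
-syn keyword sdCapDanger sys_admin
-
-syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" Network line
-" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
-syn keyword sdNetworkDanger raw
-syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|raw|rdm|packet))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ contains=sdNetworkDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude
-"syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/
-
-syn match sdEntryChangeProfile /\v^\s*change_profile\s+(\/|\@\{\S*\})\S*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" file permissions
-"
-" write + exec/mmap - danger!
-" known bug: accepts 'aw' to keep things simple
-syn match sdEntryWriteExec /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpP]x)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" ux(mr) - unconstrained entry, flag the line red
-syn match sdEntryUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" Ux(mr) - like ux + clean environment
-syn match sdEntryCUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" px(mr) - standard exec entry, flag the line blue
-syn match sdEntryPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" Px(mr) - like px + clean environment
-syn match sdEntryCPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" ix(mr) - standard exec entry, flag the line green
-syn match sdEntryIX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" mr - mmap with PROT_EXEC
-syn match sdEntryM /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" if we've got u or i without x, it's an error
-syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" write + append is an error also
-syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+([lrkupi]*w[lrkupi]*a[lrkupi]*|[lrkupi]*a[lrkupi]*w[lrkupi]*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" write entry, flag the line yellow
-syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" append entry, flag the line yellow
-syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|k|a)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-" read entry + locking, currently no highlighting
-syn match sdEntryK /\v^\s*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
-" read entry, no highlighting
-syn match sdEntryR /\v^\s*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
-
-syn match sdProfileName /\v^\/\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags
-syn match sdProfileStart /{/ contained
-syn match sdProfileEnd /}/ " contained
-syn match sdHatName /\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdFlags
-syn match sdHatStart /{/ contained
-syn match sdHatEnd /}/ contained
-syn match sdFlags /\vflags\=\(\S+\)/ contained contains=sdFlagKey
-
-syn match sdComment /\s*#.*$/
-syn match sdInclude /\s*#include.*$/
-
-" basic profile block...
-" \s+ does not work in end=, therefore using \s\s*
-syn region Normal start=/\v^\s*\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
-syn region Hat start=/\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contained contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude
-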