rpm/vim
SHA256
1
0
Fork 0
forked from pool/vim
Code Pull Requests Activity

Accepting request 57610 from home:cboltz:branches:editors

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/57610
OBS-URL: https://build.opensuse.org/package/show/editors/vim?expand=0&rev=28
This commit is contained in:
Cristian Rodríguez 2011-01-10 15:38:12 +00:00 committed by Git OBS Bridge
parent c870667e66
commit fc979ed05e
4 changed files with 236 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
apparmor.vim Normal file
View File

@ -0,0 +1,227 @@
" $Id: apparmor.vim,v 1.10 2011/01/09 17:27:40 cb Exp $
"
" ----------------------------------------------------------------------
" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
" Copyright (c) 2006-2011 Christian Boltz. All Rights Reserved.
"
" This program is free software; you can redistribute it and/or
" modify it under the terms of version 2 of the GNU General Public
" License as published by the Free Software Foundation.
"
" This program is distributed in the hope that it will be useful,
" but WITHOUT ANY WARRANTY; without even the implied warranty of
" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
" GNU General Public License for more details.
"
" You should have received a copy of the GNU General Public License
" along with this program; if not, contact Novell, Inc.
"
" To contact Novell about this file by physical or electronic mail,
" you may find current contact information at www.novell.com.
"
" To contact Christian Boltz about this file by physical or electronic
" mail, you may find current contact information at www.cboltz.de/en/kontakt.
"
" If you want to report a bug via bugzilla.novell.com, please assign it
" to suse-beta[AT]cboltz.de (replace [AT] with @).
" ----------------------------------------------------------------------
"
" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
" to have vim automagically use this syntax file for these directories:
"
" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor
" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor
" profiles are case sensitive
syntax case match
" color setup...
" adjust colors according to the background
" switching colors depending on the background color doesn't work
" unfortunately, so we use colors that work with light and dark background.
" Patches welcome ;-)
"if &background == "light"
" light background
hi sdProfileName ctermfg=lightblue
hi sdHatName ctermfg=darkblue
hi sdExtHat ctermfg=darkblue
" hi sdComment2 ctermfg=darkblue
hi sdGlob ctermfg=darkmagenta
hi sdAlias ctermfg=darkmagenta
hi sdEntryWriteExec ctermfg=black ctermbg=yellow
hi sdEntryUX ctermfg=darkred cterm=underline
hi sdEntryUXe ctermfg=darkred
hi sdEntryIX ctermfg=darkcyan
hi sdEntryM ctermfg=darkcyan
hi sdEntryPX ctermfg=darkgreen cterm=underline
hi sdEntryPXe ctermfg=darkgreen
hi sdEntryW ctermfg=darkyellow
hi sdCap ctermfg=lightblue
hi sdSetCap ctermfg=black ctermbg=yellow
hi sdNetwork ctermfg=lightblue
hi sdNetworkDanger ctermfg=darkred
hi sdCapKey cterm=underline ctermfg=lightblue
hi sdCapDanger ctermfg=darkred
hi sdRLimit ctermfg=lightblue
hi def link sdEntryR Normal
hi def link sdEntryK Normal
hi def link sdFlags Normal
hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline
"else
" dark background
" hi sdProfileName ctermfg=white
" hi sdHatName ctermfg=white
" hi sdGlob ctermfg=magenta
" hi sdEntryWriteExec ctermfg=black ctermbg=yellow
" hi sdEntryUX ctermfg=red cterm=underline
" hi sdEntryUXe ctermfg=red
" hi sdEntryIX ctermfg=cyan
" hi sdEntryM ctermfg=cyan
" hi sdEntryPX ctermfg=green cterm=underline
" hi sdEntryPXe ctermfg=green
" hi sdEntryW ctermfg=yellow
" hi sdCap ctermfg=lightblue
" hi sdCapKey cterm=underline ctermfg=lightblue
" hi def link sdEntryR Normal
" hi def link sdFlags Normal
" hi sdCapDanger ctermfg=red
"endif
hi def link sdInclude Include
high def link sdComment Comment
"high def link sdComment2 Comment
high def link sdFlagKey TODO
high def link sdError ErrorMsg
" always sync from the start. should be relatively quick since we don't have
" that many rules and profiles shouldn't be _extremely_ large...
syn sync fromstart
syn keyword sdFlagKey complain debug
" highlight invalid syntax
syn match sdError /{/ contained
syn match sdError /}/
syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as error
" TODO: do not mark lines containing only whitespace as error
" TODO: the sdGlob pattern is not anchored with ^ and $, so it matches all lines matching ^@{...}.*
" This allows incorrect lines also and should be checked better.
" This also (accidently ;-) includes variable definitions (@{FOO}=/bar)
" TODO: make a separate pattern for variable definitions, then mark sdGlob as contained
syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z_]*\}/
syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
" syn match sdComment /#.*/
syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile
" TODO: support audit and deny keywords for all rules (not only for files)
" TODO: higlight audit and deny keywords everywhere
" Capability line
" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
" dangerous capabilities - highlighted separately
syn keyword sdCapDanger sys_admin audit_control audit_write set_fcap mac_override mac_admin
" full line. Keywords are from sdCapKey + sdCapDanger
syn match sdCap /\v^\s*capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control|audit_write|set_fcap|mac_override|mac_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" Network line
" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" network rules containing 'raw'
syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" 'all networking' includes raw -> mark as dangerous
syn match sdNetworkDanger /\v^\s*network\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" Change Profile
syn match sdEntryChangeProfile /\v^\s*change_profile\s+-\>\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" rlimit
"
"syn match sdRLimit /\v^\s*rlimit\s+()\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
syn match sdRLimit /\v^\s*rlimit\s+(nofile|locks|sigpending|nproc|rtprio)\s+[0-9]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
syn match sdRLimit /\v^\s*rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG])?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
syn match sdRLimit /\v^\s*rlimit\s+nice\s+(-1?[0-9]|-20|1?[0-9])\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
" link rules
syn match sdEntryW /\v^\s+link\s+(subset\s+)?(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
" file permissions
"
" TODO: Support filenames enclosed in quotes ("/home/foo/My Documents/") - ideally by only allowing quotes pair-wise
"
" write + exec/mmap - danger!
" known bug: accepts 'aw' to keep things simple
syn match sdEntryWriteExec /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" ux(mr) - unconstrained entry, flag the line red
syn match sdEntryUX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" Ux(mr) - like ux + clean environment
syn match sdEntryUXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" px/cx/pix/cix(mrk) - standard exec entry, flag the line blue
syn match sdEntryPX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment
syn match sdEntryPXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Px|Cx|Pix|Cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" ix(mr) - standard exec entry, flag the line green
syn match sdEntryIX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" mr - mmap with PROT_EXEC
syn match sdEntryM /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" if we've got u or i without x, it's an error
" rule is superfluous because of the '/.*/ is an error' rule ;-)
"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" write + append is an error also
"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(\S*r\S*a\S*|\S*a\S*w\S*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+\S*(w\S*a|a\S*w)\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" write entry, flag the line yellow
syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" append entry, flag the line yellow
syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|a|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" read entry + locking, currently no highlighting
syn match sdEntryK /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" read entry, no highlighting
syn match sdEntryR /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
syn match sdExtHat /\v^\s+(\^|profile\s+)\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment " hat without {...}
syn match sdProfileName /\v^((profile\s+)?\/\S+|profile\s+([a-zA-Z0-9]\S*\s)?\S+)\s+((flags\=)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags,sdComment,sdGlob
syn match sdProfileStart /{/ contained
syn match sdProfileEnd /^}\s*(#.*)?$/ contained " TODO: syn region does not (yet?) allow usage of comment in end=
" TODO: Removing the $ mark from end= will allow non-comments also :-(
syn match sdHatName /\v^\s+(\^|profile\s+)\S+\s+((flags\=)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ contains=sdProfileStart,sdFlags,sdComment
syn match sdHatStart /{/ contained
syn match sdHatEnd /}/ contained " TODO: allow comments + [same as for syn match sdProfileEnd]
syn match sdFlags /\v((flags\=)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)/ contained contains=sdFlagKey
syn match sdComment /\s*#.*$/
syn match sdInclude /\s*#include\s<\S*>/ contains=sdComment " TODO: doesn't check until $
syn match sdInclude /\s*include\s<\S*>/ contains=sdComment " TODO: doesn't check until $
" basic profile block...
" \s+ does not work in end=, therefore using \s\s*
syn region Normal start=/\v^(profile\s+)?\S+\s+((flags\=)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
syn region Hat start=/\v^\s+(\^|profile\s+)\S+\s+((flags\=)?\(\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)(\s*,\s*(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative))*\s*\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude

223
vim-7.3-filetype_apparmor.patch
View File

@ -12,226 +12,3 @@ diff -rupN vim73.orig/runtime/filetype.vim vim73/runtime/filetype.vim
" XA65 MOS6510 cross assembler
au BufNewFile,BufRead *.a65 setf a65
diff -rupN vim73.orig/runtime/syntax/apparmor.vim vim73/runtime/syntax/apparmor.vim
--- vim73.orig/runtime/syntax/apparmor.vim 1970-01-01 01:00:00.000000000 +0100
+++ vim73/runtime/syntax/apparmor.vim 2010-11-21 05:43:34.225347247 +0100
@@ -0,0 +1,219 @@
+" $Id: apparmor.vim.in,v 1.6 2008/09/25 00:13:43 cb Exp $
+"
+" ----------------------------------------------------------------------
+" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
+" Copyright (c) 2006-2008 Christian Boltz. All Rights Reserved.
+"
+" This program is free software; you can redistribute it and/or
+" modify it under the terms of version 2 of the GNU General Public
+" License as published by the Free Software Foundation.
+"
+" This program is distributed in the hope that it will be useful,
+" but WITHOUT ANY WARRANTY; without even the implied warranty of
+" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+" GNU General Public License for more details.
+"
+" You should have received a copy of the GNU General Public License
+" along with this program; if not, contact Novell, Inc.
+"
+" To contact Novell about this file by physical or electronic mail,
+" you may find current contact information at rudin.suse.de:8891.
+"
+" To contact Christian Boltz about this file by physical or electronic
+" mail, you may find current contact information at www.cboltz.de/en/kontakt.
+" ----------------------------------------------------------------------
+"
+" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
+" to have vim automagically use this syntax file for these directories:
+"
+" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor
+" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor
+
+" profiles are case sensitive
+syntax case match
+
+" color setup...
+
+" adjust colors according to the background
+
+" switching colors depending on the background color doesn't work
+" unfortunately, so we use colors that work with light and dark background.
+" Patches welcome ;-)
+
+"if &background == "light"
+" light background
+ hi sdProfileName ctermfg=lightblue
+ hi sdHatName ctermfg=darkblue
+ hi sdExtHat ctermfg=darkblue
+" hi sdComment2 ctermfg=darkblue
+ hi sdGlob ctermfg=darkmagenta
+ hi sdAlias ctermfg=darkmagenta
+ hi sdEntryWriteExec ctermfg=black ctermbg=yellow
+ hi sdEntryUX ctermfg=darkred cterm=underline
+ hi sdEntryUXe ctermfg=darkred
+ hi sdEntryIX ctermfg=darkcyan
+ hi sdEntryM ctermfg=darkcyan
+ hi sdEntryPX ctermfg=darkgreen cterm=underline
+ hi sdEntryPXe ctermfg=darkgreen
+ hi sdEntryW ctermfg=darkyellow
+ hi sdCap ctermfg=lightblue
+ hi sdSetCap ctermfg=black ctermbg=yellow
+ hi sdNetwork ctermfg=lightblue
+ hi sdNetworkDanger ctermfg=darkred
+ hi sdCapKey cterm=underline ctermfg=lightblue
+ hi sdCapDanger ctermfg=darkred
+ hi sdRLimit ctermfg=lightblue
+ hi def link sdEntryR Normal
+ hi def link sdEntryK Normal
+ hi def link sdFlags Normal
+ hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline
+"else
+" dark background
+" hi sdProfileName ctermfg=white
+" hi sdHatName ctermfg=white
+" hi sdGlob ctermfg=magenta
+" hi sdEntryWriteExec ctermfg=black ctermbg=yellow
+" hi sdEntryUX ctermfg=red cterm=underline
+" hi sdEntryUXe ctermfg=red
+" hi sdEntryIX ctermfg=cyan
+" hi sdEntryM ctermfg=cyan
+" hi sdEntryPX ctermfg=green cterm=underline
+" hi sdEntryPXe ctermfg=green
+" hi sdEntryW ctermfg=yellow
+" hi sdCap ctermfg=lightblue
+" hi sdCapKey cterm=underline ctermfg=lightblue
+" hi def link sdEntryR Normal
+" hi def link sdFlags Normal
+" hi sdCapDanger ctermfg=red
+"endif
+
+hi def link sdInclude Include
+high def link sdComment Comment
+"high def link sdComment2 Comment
+high def link sdFlagKey TODO
+high def link sdError ErrorMsg
+
+
+" always sync from the start. should be relatively quick since we don't have
+" that many rules and profiles shouldn't be _extremely_ large...
+syn sync fromstart
+
+syn keyword sdFlagKey complain audit debug
+
+" highlight invalid syntax
+syn match sdError /{/ contained
+syn match sdError /}/
+syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as error
+" TODO: do not mark lines containing only whitespace as error
+
+" TODO: the sdGlob pattern is not anchored with ^ and $, so it matches all lines matching ^@{...}.*
+" This allows incorrect lines also and should be checked better.
+syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z_]*\}/
+
+syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
+
+"syn match sdComment /#.*/
+
+syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile
+
+
+" TODO: support audit and deny keywords for all rules (not only for files)
+" TODO: higlight audit and deny keywords everywhere
+
+" Capability line
+
+" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
+syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_control
+
+" dangerous capabilities - highlighted separately
+syn keyword sdCapDanger sys_admin
+
+" full line. Keywords are from sdCapKey + sdCapDanger
+syn match sdCap /\v^\s*capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|sys_admin|audit_control)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+
+" Network line
+" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
+syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" network rules containing 'raw'
+syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" 'all networking' includes raw -> mark as dangerous
+syn match sdNetworkDanger /\v^\s*network\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+
+" Change Profile
+syn match sdEntryChangeProfile /\v^\s*change_profile\s+-\>\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+
+" rlimit
+"
+"syn match sdRLimit /\v^\s*rlimit\s+()\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
+syn match sdRLimit /\v^\s*rlimit\s+(nofile|locks|sigpending|nproc|rtprio)\s+[0-9]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
+syn match sdRLimit /\v^\s*rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG])?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
+syn match sdRLimit /\v^\s*rlimit\s+nice\s+(-1?[0-9]|-20|1?[0-9])\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment
+
+" link rules
+syn match sdEntryW /\v^\s+link\s+(subset\s+)?(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob
+
+
+" file permissions
+"
+" write + exec/mmap - danger!
+" known bug: accepts 'aw' to keep things simple
+syn match sdEntryWriteExec /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" ux(mr) - unconstrained entry, flag the line red
+syn match sdEntryUX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" Ux(mr) - like ux + clean environment
+syn match sdEntryUXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" px/cx/pix/cix(mrk) - standard exec entry, flag the line blue
+syn match sdEntryPX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment
+syn match sdEntryPXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Px|Cx|Pix|Cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" ix(mr) - standard exec entry, flag the line green
+syn match sdEntryIX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" mr - mmap with PROT_EXEC
+syn match sdEntryM /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" if we've got u or i without x, it's an error
+" rule is superfluous because of the '/.*/ is an error' rule ;-)
+"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" write + append is an error also
+"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(\S*r\S*a\S*|\S*a\S*w\S*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+\S*(w\S*a|a\S*w)\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" write entry, flag the line yellow
+syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" append entry, flag the line yellow
+syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|a|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" read entry + locking, currently no highlighting
+syn match sdEntryK /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" read entry, no highlighting
+syn match sdEntryR /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+syn match sdExtHat /\v^\s+(\^|profile\s+)\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment " hat without {...}
+
+
+
+
+syn match sdProfileName /\v^((profile\s+)?\/\S+|profile\s+\S+)\s+(flags\=\((complain|audit)\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags,sdComment
+syn match sdProfileStart /{/ contained
+syn match sdProfileEnd /^}\s*(#.*)?$/ contained " TODO: syn region does not (yet?) allow usage of comment in end=
+ " TODO: Removing the $ mark from end= will allow non-comments also :-(
+syn match sdHatName /\v^\s+(\^|profile\s+)\S+\s+(flags\=\((complain|audit)\)\s+)=\{/ contains=sdProfileStart,sdFlags,sdComment
+syn match sdHatStart /{/ contained
+syn match sdHatEnd /}/ contained " TODO: allow comments + [same as for syn match sdProfileEnd]
+syn match sdFlags /\vflags\=\((complain|audit)\)/ contained contains=sdFlagKey
+
+syn match sdComment /\s*#.*$/
+syn match sdInclude /\s*#include.*$/
+
+" basic profile block...
+" \s+ does not work in end=, therefore using \s\s*
+syn region Normal start=/\v^(profile\s+)?\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
+syn region Hat start=/\v^\s+(\^|profile\s+)\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude
+
+

7
vim.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Jan 9 17:02:15 UTC 2011 - opensuse@cboltz.de
- update apparmor.vim to match (most of) the AppArmor 2.5 syntax
- package apparmor.vim as separate source file, no longer as part of
vim-7.3-filetype_apparmor.patch
-------------------------------------------------------------------
Mon Nov 22 09:03:54 CET 2010 - freespacer@gmx.de

2
vim.spec
View File

@ -77,6 +77,7 @@ Source19: gvim.desktop
Source20: spec.skeleton
Source21: dot.vimrc
Source22: vim.conf
Source23: apparmor.vim
Source98: %{name}-7.3-patches.tar.bz2
Source99: %{name}-7.3-rpmlintrc
Patch3: %{name}-7.3-disable_lang_no.patch
@ -306,6 +307,7 @@ unset p
%patch12 -p1
%patch14 -p1
%patch15 -p1
cp %{S:23} runtime/syntax/apparmor.vim
%patch18 -p1
%patch19 -p1
%patch21 -p1