authorLibravatar Reiner Herrmann <reiner@reiner-h.de>2021-05-29 11:47:06 +0200
committerLibravatar Reiner Herrmann <reiner@reiner-h.de>2021-05-29 12:53:41 +0200
commit91dcea1a21373438069c6b5cac67b21012c3a7e3 (patch)
tree481e4cdfc42e7ead629e952ee2736267ffe00969 /contrib
parentvim: update conditionals (diff)
vim: support commands private-cwd, dbus-*, seccomp.32, allow-debuggers
Diffstat (limited to 'contrib')
-rw-r--r--contrib/vim/syntax/firejail.vim10
1 files changed, 7 insertions, 3 deletions
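diff --git a/contrib/vim/syntax/firejail.vim b/contrib/vim/syntax/firejail.vim
index a41da76cc..c63d31be9 100644
--- a/contrib/vim/syntax/firejail.vim
+++ b/contrib/vim/syntax/firejail.vim
@@ -41,6 +41,7 @@ syn match fjRmenvVar "[A-Za-z0-9_]\+" contained
 syn keyword fjAll all contained
 syn keyword fjNone none contained
 syn keyword fjLo lo contained
+syn keyword fjFilter filter contained
 
 " Variable names grabbed from: src/firejail/macros.c
 " Generate list with: rg -o '\$\{([^}]+)\}' -r '$1' src/firejail/macros.c | sort -u | tr $'\n' '|'
@@ -48,14 +49,14 @@ syn match fjVar /\v\$\{(CFG|DESKTOP|DOCUMENTS|DOWNLOADS|HOME|MUSIC|PATH|PICTURES
 
 " Commands grabbed from: src/firejail/profile.c
 " Generate list with: { rg -o 'strn?cmp\(ptr, "([^"]+) "' -r '$1' src/firejail/profile.c; echo private-lib; } | grep -vEx '(include|ignore|caps\.drop|caps\.keep|protocol|seccomp|seccomp\.drop|seccomp\.keep|env|rmenv|net|ip)' | sort -u | tr $'\n' '|' # private-lib is special-cased in the code and doesn't match the regex; grep-ed patterns are handled later with 'syn match nextgroup=' directives (except for include which is special-cased as a fjCommandNoCond keyword)
-syn match fjCommand /\v(bind|blacklist|blacklist-nolog|cgroup|cpu|defaultgw|dns|hostname|hosts-file|ip6|iprange|join-or-start|mac|mkdir|mkfile|mtu|name|netfilter|netfilter6|netmask|nice|noblacklist|noexec|nowhitelist|overlay-named|private|private-bin|private-etc|private-home|private-lib|private-opt|private-srv|read-only|read-write|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|timeout|tmpfs|veth-name|whitelist|xephyr-screen) / skipwhite contained
+syn match fjCommand /\v(bind|blacklist|blacklist-nolog|cgroup|cpu|defaultgw|dns|hostname|hosts-file|ip6|iprange|join-or-start|mac|mkdir|mkfile|mtu|name|netfilter|netfilter6|netmask|nice|noblacklist|noexec|nowhitelist|overlay-named|private|private-bin|private-cwd|private-etc|private-home|private-lib|private-opt|private-srv|read-only|read-write|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|timeout|tmpfs|veth-name|whitelist|xephyr-screen) / skipwhite contained
 " Generate list with: rg -o 'strn?cmp\(ptr, "([^ "]*[^ ])"' -r '$1' src/firejail/profile.c | grep -vEx '(include|rlimit|quiet)' | sed -e 's/\./\\./' | sort -u | tr $'\n' '|' # include/rlimit are false positives, quiet is special-cased below
-syn match fjCommand /\v(allusers|apparmor|caps|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noroot|nosound|notv|nou2f|novideo|overlay|overlay-tmpfs|private|private-cache|private-dev|private-lib|private-tmp|seccomp|seccomp\.block-secondary|tracelog|writable-etc|writable-run-user|writable-var|writable-var-log|x11)$/ contained
+syn match fjCommand /\v(allow-debuggers|allusers|apparmor|caps|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noroot|nosound|notv|nou2f|novideo|overlay|overlay-tmpfs|private|private-cache|private-cwd|private-dev|private-lib|private-tmp|seccomp|seccomp.32|seccomp\.block-secondary|tracelog|writable-etc|writable-run-user|writable-var|writable-var-log|x11)$/ contained
 syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained
 syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained
 syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained
 syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained
-syn match fjCommand /\vseccomp(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
+syn match fjCommand /\vseccomp(.32)?(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
 syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained
 syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained
 syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained
@@ -63,6 +64,8 @@ syn match fjCommand /shell / nextgroup=fjNone skipwhite contained
 syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained
 syn match fjCommand /ip / nextgroup=fjNone skipwhite contained
 syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained
+syn match fjCommand /\vdbus-(user|system) / nextgroup=fjFilter,fjNone skipwhite contained
+syn match fjCommand /\vdbus-(user|system)\.(broadcast|call|own|see|talk) / skipwhite contained
 " Commands that can't be inside a ?CONDITIONAL: statement
 syn match fjCommandNoCond /include / skipwhite contained
 syn match fjCommandNoCond /quiet$/ contained
@@ -90,6 +93,7 @@ hi def link fjRmenvVar Type
 hi def link fjAll Type
 hi def link fjNone Type
 hi def link fjLo Type
+hi def link fjFilter Type
 hi def link fjSeccompAction Constant
 
 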
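Review bot: The dot in `seccomp.32` is left unescaped in both new patterns, so under `\v` it matches any character and strings such as `seccomp-32` or `seccompx32` would be highlighted as valid commands. Write `seccomp\.32` in the argument-less alternation (next to the already escaped `seccomp\.block-secondary`) and `/\vseccomp(\.32)?(\.drop|\.keep)? /` for the syscall-list form. The "Generate list with" comment above that alternation pipes through `sed -e 's/\./\\./'`, so regenerating the list would presumably have produced the escaped form. In a sandbox profile, a highlighter that colours a mistyped seccomp directive as recognised makes the typo harder to catch during review.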