diff options
-rw-r--r-- | .github/workflows/build-extra.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 2 | ||||
-rw-r--r-- | CONTRIBUTING.md | 1 | ||||
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | contrib/gtksourceview-5/language-specs/firejail-profile.lang | 69 |
5 files changed, 77 insertions, 0 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index dbd896f7f..6005548bb 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -6,6 +6,7 @@ on: | |||
6 | paths-ignore: | 6 | paths-ignore: |
7 | - '.github/ISSUE_TEMPLATE/*' | 7 | - '.github/ISSUE_TEMPLATE/*' |
8 | - 'etc/**' | 8 | - 'etc/**' |
9 | - 'contrib/gtksourceview-5/**' | ||
9 | - 'contrib/vim/**' | 10 | - 'contrib/vim/**' |
10 | - 'src/man/*.txt' | 11 | - 'src/man/*.txt' |
11 | - .git-blame-ignore-revs | 12 | - .git-blame-ignore-revs |
@@ -27,6 +28,7 @@ on: | |||
27 | paths-ignore: | 28 | paths-ignore: |
28 | - '.github/ISSUE_TEMPLATE/*' | 29 | - '.github/ISSUE_TEMPLATE/*' |
29 | - 'etc/**' | 30 | - 'etc/**' |
31 | - 'contrib/gtksourceview-5/**' | ||
30 | - 'contrib/vim/**' | 32 | - 'contrib/vim/**' |
31 | - 'src/man/*.txt' | 33 | - 'src/man/*.txt' |
32 | - .git-blame-ignore-revs | 34 | - .git-blame-ignore-revs |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 10ed13c99..554a0bd6b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -11,6 +11,7 @@ on: | |||
11 | paths-ignore: | 11 | paths-ignore: |
12 | - '.github/ISSUE_TEMPLATE/*' | 12 | - '.github/ISSUE_TEMPLATE/*' |
13 | - 'etc/**' | 13 | - 'etc/**' |
14 | - 'contrib/gtksourceview-5/**' | ||
14 | - 'contrib/vim/**' | 15 | - 'contrib/vim/**' |
15 | - 'src/man/*.txt' | 16 | - 'src/man/*.txt' |
16 | - .git-blame-ignore-revs | 17 | - .git-blame-ignore-revs |
@@ -32,6 +33,7 @@ on: | |||
32 | paths-ignore: | 33 | paths-ignore: |
33 | - '.github/ISSUE_TEMPLATE/*' | 34 | - '.github/ISSUE_TEMPLATE/*' |
34 | - 'etc/**' | 35 | - 'etc/**' |
36 | - 'contrib/gtksourceview-5/**' | ||
35 | - 'contrib/vim/**' | 37 | - 'contrib/vim/**' |
36 | - 'src/man/*.txt' | 38 | - 'src/man/*.txt' |
37 | - .git-blame-ignore-revs | 39 | - .git-blame-ignore-revs |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0f868d6c4..9a5f19b54 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -39,6 +39,7 @@ If you add a new command, here's the checklist: | |||
39 | - [ ] Update manpages: firejail(1) and firejail-profile(5) | 39 | - [ ] Update manpages: firejail(1) and firejail-profile(5) |
40 | - [ ] Update shell completions | 40 | - [ ] Update shell completions |
41 | - [ ] Update vim syntax files | 41 | - [ ] Update vim syntax files |
42 | - [ ] Update gtksourceview language specs | ||
42 | - [ ] Update --help | 43 | - [ ] Update --help |
43 | 44 | ||
44 | # Editing the wiki | 45 | # Editing the wiki |
@@ -125,6 +125,9 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes) | |||
125 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | 125 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax |
126 | install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect | 126 | install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect |
127 | install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | 127 | install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax |
128 | # gtksourceview-5 language-specs | ||
129 | install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs | ||
130 | install -m 0644 contrib/gtksourceview-5/language-specs/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs | ||
128 | endif | 131 | endif |
129 | # documents | 132 | # documents |
130 | install -m 0755 -d $(DESTDIR)$(docdir) | 133 | install -m 0755 -d $(DESTDIR)$(docdir) |
diff --git a/contrib/gtksourceview-5/language-specs/firejail-profile.lang b/contrib/gtksourceview-5/language-specs/firejail-profile.lang new file mode 100644 index 000000000..61c37f98f --- /dev/null +++ b/contrib/gtksourceview-5/language-specs/firejail-profile.lang | |||
@@ -0,0 +1,69 @@ | |||
1 | <?xml version="1.0" encoding="UTF-8"?> | ||
2 | <!-- vim: set ts=2 sts=2 sw=2 et: --> | ||
3 | <!-- | ||
4 | https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-tutorial.md | ||
5 | https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-reference.md | ||
6 | --> | ||
7 | <language id="firejail-profile" name="Firejail Profile" version="2.0" _section="Other"> | ||
8 | <metadata> | ||
9 | <property name="mimetypes">text/plain;text/x-firejail-profile</property> | ||
10 | <property name="globs">*.profile;*.local;*.inc</property> | ||
11 | <property name="line-comment-start">#</property> | ||
12 | </metadata> | ||
13 | |||
14 | <styles> | ||
15 | <style id="comment" name="Comment" map-to="def:comment"/> | ||
16 | <style id="condition" name="Condition" map-to="def:preprocessor"/> | ||
17 | <style id="command" name="Command" map-to="def:keyword"/> | ||
18 | <style id="invalid" name="Invalid" map-to="def:error"/> | ||
19 | </styles> | ||
20 | |||
21 | <definitions> | ||
22 | <define-regex id="commands-with-arguments" extended="true"> | ||
23 | (apparmor|bind|blacklist-nolog|blacklist|caps.drop|caps.keep|cpu|dbus-system.broadcast|dbus-system.call|dbus-system.own|dbus-system.see|dbus-system.talk|dbus-system|dbus-user.broadcast|dbus-user.call|dbus-user.own|dbus-user.see|dbus-user.talk|dbus-user|defaultgw|dns|env|hostname|hosts-file|ignore|include|ip6|ip|iprange|join-or-start|keep-fd|mac|mkdir|mkfile|mtu|name|net|netfilter6|netfilter|netmask|netns|nice|noblacklist|noexec|nowhitelist|overlay-named|private-bin|private-cwd|private-etc|private-home|private-lib|private-opt|private-srv|private|protocol|read-only|read-write|restrict-namespaces|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|rlimit|rmenv|seccomp-error-action|seccomp.32.drop|seccomp.32.keep|seccomp.32|seccomp.drop|seccomp.keep|seccomp|shell|timeout|tmpfs|veth-name|whitelist-ro|whitelist|x11|xephyr-screen) | ||
24 | </define-regex> | ||
25 | |||
26 | <define-regex id="commands-without-arguments" extended="true"> | ||
27 | (allow-debuggers|allusers|apparmor|caps|deterministic-exit-code|deterministic-shutdown|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-fd|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noprinters|noroot|nosound|notv|nou2f|novideo|overlay-tmpfs|overlay|private-cache|private-cwd|private-dev|private-lib|private-tmp|private|quiet|restrict-namespaces|seccomp.32|seccomp.block-secondary|seccomp|tab|tracelog|writable-etc|writable-run-user|writable-var-log|writable-var|x11) | ||
28 | </define-regex> | ||
29 | |||
30 | <define-regex id="conditions" extended="true"> | ||
31 | (ALLOW_TRAY|BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11) | ||
32 | </define-regex> | ||
33 | |||
34 | <context id="conditional-line"> | ||
35 | <match>\?(?P<condition>\%{conditions}): </match> | ||
36 | <include> | ||
37 | <context sub-pattern="condition" style-ref="condition"/> | ||
38 | </include> | ||
39 | </context> | ||
40 | |||
41 | <context id="command-with-args"> | ||
42 | <match>(?P<command>\%{commands-with-arguments}) (?P<args>.+)</match> | ||
43 | <include> | ||
44 | <context sub-pattern="command" style-ref="command"/> | ||
45 | </include> | ||
46 | </context> | ||
47 | |||
48 | <context id="command-without-args"> | ||
49 | <match dupnames="true">(?P<command>\%{commands-without-arguments})</match> | ||
50 | <include> | ||
51 | <context sub-pattern="command" style-ref="command"/> | ||
52 | </include> | ||
53 | </context> | ||
54 | |||
55 | <context id="invalid" style-ref="invalid"> | ||
56 | <match>.+</match> | ||
57 | </context> | ||
58 | |||
59 | <context id="firejail-profile" class="no-spell-check"> | ||
60 | <include> | ||
61 | <context ref="def:shell-like-comment"/> | ||
62 | <context ref="conditional-line"/> | ||
63 | <context ref="command-with-args"/> | ||
64 | <context ref="command-without-args"/> | ||
65 | <context ref="invalid"/> | ||
66 | </include> | ||
67 | </context> | ||
68 | </definitions> | ||
69 | </language> | ||