-rw-r--r-- | contrib/vim/syntax/firejail.vim | 10 |
1 files changed, 7 insertions, 3 deletions
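--- a/contrib/vim/syntax/firejail.vim
+++ b/contrib/vim/syntax/firejail.vim
@@ -41,6 +41,7 @@ syn match fjRmenvVar "[A-Za-z0-9_]\+" contained
 syn keyword fjAll all contained
 syn keyword fjNone none contained
 syn keyword fjLo lo contained
+syn keyword fjFilter filter contained
 
 " Variable names grabbed from: src/firejail/macros.c
 " Generate list with: rg -o '\$\{([^}]+)\}' -r '$1' src/firejail/macros.c | sort -u | tr $'\n' '|'
@@ -48,14 +49,14 @@ syn match fjVar /\v\$\{(CFG|DESKTOP|DOCUMENTS|DOWNLOADS|HOME|MUSIC|PATH|PICTURES
 
 " Commands grabbed from: src/firejail/profile.c
 " Generate list with: { rg -o 'strn?cmp\(ptr, "([^"]+) "' -r '$1' src/firejail/profile.c; echo private-lib; } | grep -vEx '(include|ignore|caps\.drop|caps\.keep|protocol|seccomp|seccomp\.drop|seccomp\.keep|env|rmenv|net|ip)' | sort -u | tr $'\n' '|' # private-lib is special-cased in the code and doesn't match the regex; grep-ed patterns are handled later with 'syn match nextgroup=' directives (except for include which is special-cased as a fjCommandNoCond keyword)
-syn match fjCommand /\v(bind|blacklist|blacklist-nolog|cgroup|cpu|defaultgw|dns|hostname|hosts-file|ip6|iprange|join-or-start|mac|mkdir|mkfile|mtu|name|netfilter|netfilter6|netmask|nice|noblacklist|noexec|nowhitelist|overlay-named|private|private-bin|private-etc|private-home|private-lib|private-opt|private-srv|read-only|read-write|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|timeout|tmpfs|veth-name|whitelist|xephyr-screen) / skipwhite contained
+syn match fjCommand /\v(bind|blacklist|blacklist-nolog|cgroup|cpu|defaultgw|dns|hostname|hosts-file|ip6|iprange|join-or-start|mac|mkdir|mkfile|mtu|name|netfilter|netfilter6|netmask|nice|noblacklist|noexec|nowhitelist|overlay-named|private|private-bin|private-cwd|private-etc|private-home|private-lib|private-opt|private-srv|read-only|read-write|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|timeout|tmpfs|veth-name|whitelist|xephyr-screen) / skipwhite contained
 " Generate list with: rg -o 'strn?cmp\(ptr, "([^ "]*[^ ])"' -r '$1' src/firejail/profile.c | grep -vEx '(include|rlimit|quiet)' | sed -e 's/\./\\./' | sort -u | tr $'\n' '|' # include/rlimit are false positives, quiet is special-cased below
-syn match fjCommand /\v(allusers|apparmor|caps|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noroot|nosound|notv|nou2f|novideo|overlay|overlay-tmpfs|private|private-cache|private-dev|private-lib|private-tmp|seccomp|seccomp\.block-secondary|tracelog|writable-etc|writable-run-user|writable-var|writable-var-log|x11)$/ contained
+syn match fjCommand /\v(allow-debuggers|allusers|apparmor|caps|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noroot|nosound|notv|nou2f|novideo|overlay|overlay-tmpfs|private|private-cache|private-cwd|private-dev|private-lib|private-tmp|seccomp|seccomp.32|seccomp\.block-secondary|tracelog|writable-etc|writable-run-user|writable-var|writable-var-log|x11)$/ contained
 syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained
 syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained
 syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained
 syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained
-syn match fjCommand /\vseccomp(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
+syn match fjCommand /\vseccomp(.32)?(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
 syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained
 syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained
 syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained
@@ -63,6 +64,8 @@ syn match fjCommand /shell / nextgroup=fjNone skipwhite contained
 syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained
 syn match fjCommand /ip / nextgroup=fjNone skipwhite contained
 syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained
+syn match fjCommand /\vdbus-(user|system) / nextgroup=fjFilter,fjNone skipwhite contained
+syn match fjCommand /\vdbus-(user|system)\.(broadcast|call|own|see|talk) / skipwhite contained
 " Commands that can't be inside a ?CONDITIONAL: statement
 syn match fjCommandNoCond /include / skipwhite contained
 syn match fjCommandNoCond /quiet$/ contained
@@ -90,6 +93,7 @@ hi def link fjRmenvVar Type
 hi def link fjAll Type
 hi def link fjNone Type
 hi def link fjLo Type
+hi def link fjFilter Type
 hi def link fjSeccompAction Constant
 
 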
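Review bot: The dot in the new `seccomp.32` alternative (the `$`-anchored fjCommand list) and in `(.32)?` (the `nextgroup=fjSyscall` rule) is unescaped, and both patterns are `\v` very-magic, so it matches any single character rather than a literal period. A mistyped directive such as `seccomp-32` would therefore be highlighted as a recognised command, which works against the point of the highlighting for a sandbox profile: a typo in a seccomp line should stand out, not blend in. The neighbouring alternatives already escape the dot (`seccomp\.block-secondary`, `(\.drop|\.keep)`), so these should read `seccomp\.32` and `/\vseccomp(\.32)?(\.drop|\.keep)? /`. The generator command in the comment above the list pipes through `sed -e 's/\./\\./'`, which would have escaped this entry, so the list looks hand-edited here; regenerating it would also confirm nothing else drifted.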