1 files changed, 99 insertions, 0 deletions
diff --git a/contrib/syntax/files/firejail.vim.in b/contrib/syntax/files/firejail.vim.in
new file mode 100644
index 000000000..ec6b29e4f
--- /dev/null
+++ b/contrib/syntax/files/firejail.vim.in
@@ -0,0 +1,99 @@
+" @make_input@
+" Vim syntax file
+" Language: Firejail security sandbox profile
+" URL: https://github.com/netblue30/firejail
+if exists("b:current_syntax")
+  finish
+endif
+syn iskeyword @,48-57,_,.,-
+syn keyword fjTodo TODO FIXME XXX NOTE contained
+syn match fjComment "#.*$" contains=fjTodo
+"TODO: highlight "dangerous" capabilities differently, as is done in apparmor.vim?
+syn keyword fjCapability audit_control audit_read audit_write block_suspend chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mac_admin mac_override mknod net_admin net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog wake_alarm nextgroup=fjCapabilityList contained
+syn match fjCapabilityList /,/ nextgroup=fjCapability contained
+syn keyword fjNamespaces cgroup ipc net mnt pid time user uts nextgroup=fjNamespacesList contained
+syn match fjNamespacesList /,/ nextgroup=fjNamespaces contained
+syn keyword fjProtocol unix inet inet6 netlink packet nextgroup=fjProtocolList contained
+syn match fjProtocolList /,/ nextgroup=fjProtocol contained
+" Syscalls (auto-generated)
+syn keyword fjSyscall @FJ_SYSCALLS@ nextgroup=fjSyscallErrno contained
+" Syscall groups (auto-generated)
+syn match fjSyscall /\v\@(@FJ_SYSCALL_GROUPS@)>/ nextgroup=fjSyscallErrno contained
+syn match fjSyscall /\$[0-9]\+/ nextgroup=fjSyscallErrno contained
+" Errnos (auto-generated)
+syn match fjSyscallErrno /\v(:(@FJ_SYSTEM_ERRNOS@)>)?/ nextgroup=fjSyscallList contained
+syn match fjSyscallList /,/ nextgroup=fjSyscall contained
+syn keyword fjX11Sandbox none xephyr xorg xpra xvfb contained
+syn keyword fjSeccompAction kill log ERRNO contained
+syn match fjEnvVar "[A-Za-z0-9_]\+=" contained
+syn match fjRmenvVar "[A-Za-z0-9_]\+" contained
+syn keyword fjAll all contained
+syn keyword fjNone none contained
+syn keyword fjLo lo contained
+syn keyword fjFilter filter contained
+" Variable names (auto-generated)
+syn match fjVar /\v\$\{(@FJ_PROFILE_MACROS@)}/
+" Profile commands with 1 argument (auto-generated)
+syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG1@) / skipwhite contained
+" Profile commands with 0 arguments (auto-generated)
+syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG0@)$/ contained
+syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained
+syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained
+syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained
+syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained
+syn match fjCommand /restrict-namespaces / nextgroup=fjNamespaces skipwhite contained
+syn match fjCommand /\vseccomp(\.32)?(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
+syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained
+syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained
+syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained
+syn match fjCommand /shell / nextgroup=fjNone skipwhite contained
+syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained
+syn match fjCommand /ip / nextgroup=fjNone skipwhite contained
+syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained
+syn match fjCommand /\vdbus-(user|system) / nextgroup=fjFilter,fjNone skipwhite contained
+syn match fjCommand /\vdbus-(user|system)\.(broadcast|call|own|see|talk) / skipwhite contained
+" Commands that can't be inside a ?CONDITIONAL: statement
+syn match fjCommandNoCond /include / skipwhite contained
+syn match fjCommandNoCond /quiet$/ contained
+" Conditionals (auto-generated)
+syn match fjConditional /\v\?(@FJ_PROFILE_CONDITIONALS@) ?:/ nextgroup=fjCommand skipwhite contained
+" A line is either a command, a conditional or a comment
+syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment
+hi def link fjTodo Todo
+hi def link fjComment Comment
+hi def link fjCommand Statement
+hi def link fjCommandNoCond Statement
+hi def link fjConditional Macro
+hi def link fjVar Identifier
+hi def link fjCapability Type
+hi def link fjProtocol Type
+hi def link fjSyscall Type
+hi def link fjSyscallErrno Constant
+hi def link fjX11Sandbox Type
+hi def link fjEnvVar Type
+hi def link fjRmenvVar Type
+hi def link fjAll Type
+hi def link fjNone Type
+hi def link fjLo Type
+hi def link fjFilter Type
+hi def link fjSeccompAction Type
+let b:current_syntax = "firejail"

diff --git a/contrib/syntax/files/firejail.vim.in b/contrib/syntax/files/firejail.vim.in new file mode 100644 index 000000000..ec6b29e4f --- /dev/null +++ b/contrib/syntax/files/firejail.vim.in
@@ -0,0 +1,99 @@
	1	" @make_input@
	2	" Vim syntax file
	3	" Language: Firejail security sandbox profile
	4	" URL: https://github.com/netblue30/firejail
	5
	6	if exists("b:current_syntax")
	7	finish
	8	endif
	9
	10
	11	syn iskeyword @,48-57,_,.,-
	12
	13
	14	syn keyword fjTodo TODO FIXME XXX NOTE contained
	15	syn match fjComment "#.*$" contains=fjTodo
	16
	17	"TODO: highlight "dangerous" capabilities differently, as is done in apparmor.vim?
	18	syn keyword fjCapability audit_control audit_read audit_write block_suspend chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mac_admin mac_override mknod net_admin net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog wake_alarm nextgroup=fjCapabilityList contained
	19	syn match fjCapabilityList /,/ nextgroup=fjCapability contained
	20
	21	syn keyword fjNamespaces cgroup ipc net mnt pid time user uts nextgroup=fjNamespacesList contained
	22	syn match fjNamespacesList /,/ nextgroup=fjNamespaces contained
	23
	24	syn keyword fjProtocol unix inet inet6 netlink packet nextgroup=fjProtocolList contained
	25	syn match fjProtocolList /,/ nextgroup=fjProtocol contained
	26
	27	" Syscalls (auto-generated)
	28	syn keyword fjSyscall @FJ_SYSCALLS@ nextgroup=fjSyscallErrno contained
	29	" Syscall groups (auto-generated)
	30	syn match fjSyscall /\v\@(@FJ_SYSCALL_GROUPS@)>/ nextgroup=fjSyscallErrno contained
	31	syn match fjSyscall /\$[0-9]\+/ nextgroup=fjSyscallErrno contained
	32	" Errnos (auto-generated)
	33	syn match fjSyscallErrno /\v(:(@FJ_SYSTEM_ERRNOS@)>)?/ nextgroup=fjSyscallList contained
	34	syn match fjSyscallList /,/ nextgroup=fjSyscall contained
	35
	36	syn keyword fjX11Sandbox none xephyr xorg xpra xvfb contained
	37	syn keyword fjSeccompAction kill log ERRNO contained
	38
	39	syn match fjEnvVar "[A-Za-z0-9_]\+=" contained
	40	syn match fjRmenvVar "[A-Za-z0-9_]\+" contained
	41
	42	syn keyword fjAll all contained
	43	syn keyword fjNone none contained
	44	syn keyword fjLo lo contained
	45	syn keyword fjFilter filter contained
	46
	47	" Variable names (auto-generated)
	48	syn match fjVar /\v\$\{(@FJ_PROFILE_MACROS@)}/
	49
	50	" Profile commands with 1 argument (auto-generated)
	51	syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG1@) / skipwhite contained
	52	" Profile commands with 0 arguments (auto-generated)
	53	syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG0@)$/ contained
	54	syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained
	55	syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained
	56	syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained
	57	syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained
	58	syn match fjCommand /restrict-namespaces / nextgroup=fjNamespaces skipwhite contained
	59	syn match fjCommand /\vseccomp(\.32)?(\.drop\|\.keep)? / nextgroup=fjSyscall skipwhite contained
	60	syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained
	61	syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained
	62	syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained
	63	syn match fjCommand /shell / nextgroup=fjNone skipwhite contained
	64	syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained
	65	syn match fjCommand /ip / nextgroup=fjNone skipwhite contained
	66	syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained
	67	syn match fjCommand /\vdbus-(user\|system) / nextgroup=fjFilter,fjNone skipwhite contained
	68	syn match fjCommand /\vdbus-(user\|system)\.(broadcast\|call\|own\|see\|talk) / skipwhite contained
	69	" Commands that can't be inside a ?CONDITIONAL: statement
	70	syn match fjCommandNoCond /include / skipwhite contained
	71	syn match fjCommandNoCond /quiet$/ contained
	72
	73	" Conditionals (auto-generated)
	74	syn match fjConditional /\v\?(@FJ_PROFILE_CONDITIONALS@) ?:/ nextgroup=fjCommand skipwhite contained
	75
	76	" A line is either a command, a conditional or a comment
	77	syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment
	78
	79	hi def link fjTodo Todo
	80	hi def link fjComment Comment
	81	hi def link fjCommand Statement
	82	hi def link fjCommandNoCond Statement
	83	hi def link fjConditional Macro
	84	hi def link fjVar Identifier
	85	hi def link fjCapability Type
	86	hi def link fjProtocol Type
	87	hi def link fjSyscall Type
	88	hi def link fjSyscallErrno Constant
	89	hi def link fjX11Sandbox Type
	90	hi def link fjEnvVar Type
	91	hi def link fjRmenvVar Type
	92	hi def link fjAll Type
	93	hi def link fjNone Type
	94	hi def link fjLo Type
	95	hi def link fjFilter Type
	96	hi def link fjSeccompAction Type
	97
	98
	99	let b:current_syntax = "firejail"