Diffstat (limited to 'contrib/syntax/files')
-rw-r--r-- | contrib/syntax/files/example.in | 16 | ||||
-rw-r--r-- | contrib/syntax/files/firejail-profile.lang.in | 70 | ||||
-rw-r--r-- | contrib/syntax/files/firejail.vim.in | 99 |
3 files changed, 185 insertions, 0 deletions
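diff --git a/contrib/syntax/files/example.in b/contrib/syntax/files/example.in
new file mode 100644
index 000000000..74bcdc079
--- /dev/null
+++ b/contrib/syntax/files/example.in
@@ -0,0 +1,16 @@
+# @make_input@
+# Example file to check the values of input variables.
+
+FJ_PROFILE_COMMANDS_ARG0 = @FJ_PROFILE_COMMANDS_ARG0@
+
+FJ_PROFILE_COMMANDS_ARG1 = @FJ_PROFILE_COMMANDS_ARG1@
+
+FJ_PROFILE_CONDITIONALS = @FJ_PROFILE_CONDITIONALS@
+
+FJ_PROFILE_MACROS = @FJ_PROFILE_MACROS@
+
+FJ_SYSCALLS = @FJ_SYSCALLS@
+
+FJ_SYSCALL_GROUPS = @FJ_SYSCALL_GROUPS@
+
+FJ_SYSTEM_ERRNOS = @FJ_SYSTEM_ERRNOS@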
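diff --git a/contrib/syntax/files/firejail-profile.lang.in b/contrib/syntax/files/firejail-profile.lang.in
new file mode 100644
index 000000000..acd5c86ce
--- /dev/null
+++ b/contrib/syntax/files/firejail-profile.lang.in
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- @make_input@ -->
+<!-- vim: set ts=2 sts=2 sw=2 et: -->
+<!--
+https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-tutorial.md
+https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-reference.md
+-->
+<language id="firejail-profile" name="Firejail Profile" version="2.0" _section="Other">
+<metadata>
+<property name="mimetypes">text/plain;text/x-firejail-profile</property>
+<property name="globs">*.profile;*.local;*.inc</property>
+<property name="line-comment-start">#</property>
+</metadata>
+
+<styles>
+<style id="comment" name="Comment" map-to="def:comment"/>
+<style id="condition" name="Condition" map-to="def:preprocessor"/>
+<style id="command" name="Command" map-to="def:keyword"/>
+<style id="invalid" name="Invalid" map-to="def:error"/>
+</styles>
+
+<definitions>
+<define-regex id="commands-with-arguments" extended="true">
+(@FJ_PROFILE_COMMANDS_ARG1@)
+</define-regex>
+
+<define-regex id="commands-without-arguments" extended="true">
+(@FJ_PROFILE_COMMANDS_ARG0@)
+</define-regex>
+
+<define-regex id="conditions" extended="true">
+(@FJ_PROFILE_CONDITIONALS@)
+</define-regex>
+
+<context id="conditional-line">
+<match>\?(?P<condition>\%{conditions}): </match>
+<include>
+<context sub-pattern="condition" style-ref="condition"/>
+</include>
+</context>
+
+<context id="command-with-args">
+<match>(?P<command>\%{commands-with-arguments}) (?P<args>.+)</match>
+<include>
+<context sub-pattern="command" style-ref="command"/>
+</include>
+</context>
+
+<context id="command-without-args">
+<match dupnames="true">(?P<command>\%{commands-without-arguments})</match>
+<include>
+<context sub-pattern="command" style-ref="command"/>
+</include>
+</context>
+
+<context id="invalid" style-ref="invalid">
+<match>.+</match>
+</context>
+
+<context id="firejail-profile" class="no-spell-check">
+<include>
+<context ref="def:shell-like-comment"/>
+<context ref="conditional-line"/>
+<context ref="command-with-args"/>
+<context ref="command-without-args"/>
+<context ref="invalid"/>
+</include>
+</context>
+</definitions>
+</language>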
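Review bot: Listing `text/plain` in the `mimetypes` property, next to the generic globs `*.local` and `*.inc`, looks likely to make GtkSourceView select this language for files that are not Firejail profiles. Because the `invalid` context falls back to `.+`, every non-comment line of such a file would be styled as `def:error`, which weakens error highlighting as a signal when reviewing real sandbox profiles. Consider narrowing the property to `<property name="mimetypes">text/x-firejail-profile</property>`. If the broad globs are intentional, a comment above them such as `<!-- *.local and *.inc are shared with other tools; matched here on purpose -->` would record that.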
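diff --git a/contrib/syntax/files/firejail.vim.in b/contrib/syntax/files/firejail.vim.in
new file mode 100644
index 000000000..ec6b29e4f
--- /dev/null
+++ b/contrib/syntax/files/firejail.vim.in
@@ -0,0 +1,99 @@
+" @make_input@
+" Vim syntax file
+" Language: Firejail security sandbox profile
+" URL: https://github.com/netblue30/firejail
+
+if exists("b:current_syntax")
+finish
+endif
+
+
+syn iskeyword @,48-57,_,.,-
+
+
+syn keyword fjTodo TODO FIXME XXX NOTE contained
+syn match fjComment "#.*$" contains=fjTodo
+
+"TODO: highlight "dangerous" capabilities differently, as is done in apparmor.vim?
+syn keyword fjCapability audit_control audit_read audit_write block_suspend chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mac_admin mac_override mknod net_admin net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog wake_alarm nextgroup=fjCapabilityList contained
+syn match fjCapabilityList /,/ nextgroup=fjCapability contained
+
+syn keyword fjNamespaces cgroup ipc net mnt pid time user uts nextgroup=fjNamespacesList contained
+syn match fjNamespacesList /,/ nextgroup=fjNamespaces contained
+
+syn keyword fjProtocol unix inet inet6 netlink packet nextgroup=fjProtocolList contained
+syn match fjProtocolList /,/ nextgroup=fjProtocol contained
+
+" Syscalls (auto-generated)
+syn keyword fjSyscall @FJ_SYSCALLS@ nextgroup=fjSyscallErrno contained
+" Syscall groups (auto-generated)
+syn match fjSyscall /\v\@(@FJ_SYSCALL_GROUPS@)>/ nextgroup=fjSyscallErrno contained
+syn match fjSyscall /\$[0-9]\+/ nextgroup=fjSyscallErrno contained
+" Errnos (auto-generated)
+syn match fjSyscallErrno /\v(:(@FJ_SYSTEM_ERRNOS@)>)?/ nextgroup=fjSyscallList contained
+syn match fjSyscallList /,/ nextgroup=fjSyscall contained
+
+syn keyword fjX11Sandbox none xephyr xorg xpra xvfb contained
+syn keyword fjSeccompAction kill log ERRNO contained
+
+syn match fjEnvVar "[A-Za-z0-9_]\+=" contained
+syn match fjRmenvVar "[A-Za-z0-9_]\+" contained
+
+syn keyword fjAll all contained
+syn keyword fjNone none contained
+syn keyword fjLo lo contained
+syn keyword fjFilter filter contained
+
+" Variable names (auto-generated)
+syn match fjVar /\v\$\{(@FJ_PROFILE_MACROS@)}/
+
+" Profile commands with 1 argument (auto-generated)
+syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG1@) / skipwhite contained
+" Profile commands with 0 arguments (auto-generated)
+syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG0@)$/ contained
+syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained
+syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained
+syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained
+syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained
+syn match fjCommand /restrict-namespaces / nextgroup=fjNamespaces skipwhite contained
+syn match fjCommand /\vseccomp(\.32)?(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained
+syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained
+syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained
+syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained
+syn match fjCommand /shell / nextgroup=fjNone skipwhite contained
+syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained
+syn match fjCommand /ip / nextgroup=fjNone skipwhite contained
+syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained
+syn match fjCommand /\vdbus-(user|system) / nextgroup=fjFilter,fjNone skipwhite contained
+syn match fjCommand /\vdbus-(user|system)\.(broadcast|call|own|see|talk) / skipwhite contained
+" Commands that can't be inside a ?CONDITIONAL: statement
+syn match fjCommandNoCond /include / skipwhite contained
+syn match fjCommandNoCond /quiet$/ contained
+
+" Conditionals (auto-generated)
+syn match fjConditional /\v\?(@FJ_PROFILE_CONDITIONALS@) ?:/ nextgroup=fjCommand skipwhite contained
+
+" A line is either a command, a conditional or a comment
+syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment
+
+hi def link fjTodo Todo
+hi def link fjComment Comment
+hi def link fjCommand Statement
+hi def link fjCommandNoCond Statement
+hi def link fjConditional Macro
+hi def link fjVar Identifier
+hi def link fjCapability Type
+hi def link fjProtocol Type
+hi def link fjSyscall Type
+hi def link fjSyscallErrno Constant
+hi def link fjX11Sandbox Type
+hi def link fjEnvVar Type
+hi def link fjRmenvVar Type
+hi def link fjAll Type
+hi def link fjNone Type
+hi def link fjLo Type
+hi def link fjFilter Type
+hi def link fjSeccompAction Type
+
+
+let b:current_syntax = "firejail"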
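Review bot: The `fjNamespaces` group is defined and reached from `restrict-namespaces` via `nextgroup=fjNamespaces`, but the `hi def link` block at the end has no entry for it, so namespace arguments will render uncoloured. That makes a typo in a hardening directive such as `restrict-namespaces` harder to spot than one in `caps.drop` or `protocol`, whose argument groups are linked. Adding `hi def link fjNamespaces Type` next to the `fjProtocol` link would bring it in line with the other argument groups.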