From c7c4f57d13b0e5720ee672a1761663d739d0bffa Mon Sep 17 00:00:00 2001 
From: "Kelvin M. Klann" Date: Wed, 25 Jan 2023 01:37:40 -0300 Subject: build: auto-generate syntax lists Changes: * Use the commands from contrib/vim/syntax/firejail.vim to create makefile targets to generate syntax lists in contrib/syntax/lists * Add contrib/syntax/files/example.in as an example of how to generate syntax files * Generate and add the syntax lists, to make it easier to spot if they are properly updated when a new command is added or if their recipes also need changes * Add "syntax" and "contrib" makefile targets Note: The generation commands are executed mostly silently to avoid generating too much noise when also making other targets. Note2: In some generation commands, a `$$` escape is used to pass `$` to the shell, to avoid being interpreted by make as the start of a macro. Note3: `@make_input@` is used in example.in to make it clear that the file is generated (and that it is generated by make rather than configure), similarly to how `@configure_input@` is used in configure input files. See also apparmor.vim: $ head -n 2 /usr/share/vim/vimfiles/syntax/apparmor.vim " generated from apparmor.vim.in by create-apparmor.vim.py " do not edit this file - edit apparmor.vim.in or create-apparmor.vim.py instead Environment: apparmor 3.1.2-1 on Artix Linux. Relates to #2679 #5502 #5577 #5612. 
--- contrib/syntax/files/example.in | 16 + contrib/syntax/lists/profile_commands_arg0.list | 50 +++ contrib/syntax/lists/profile_commands_arg1.list | 76 ++++ contrib/syntax/lists/profile_conditionals.list | 9 + contrib/syntax/lists/profile_macros.list | 10 + contrib/syntax/lists/syscall_groups.list | 29 ++ contrib/syntax/lists/syscalls.list | 454 ++++++++++++++++++++++++ contrib/syntax/lists/system_errnos.list | 135 +++++++ 8 files changed, 779 insertions(+) create mode 100644 contrib/syntax/files/example.in create mode 100644 contrib/syntax/lists/profile_commands_arg0.list create mode 100644 contrib/syntax/lists/profile_commands_arg1.list create mode 100644 contrib/syntax/lists/profile_conditionals.list create mode 100644 contrib/syntax/lists/profile_macros.list create mode 100644 contrib/syntax/lists/syscall_groups.list create mode 100644 contrib/syntax/lists/syscalls.list create mode 100644 contrib/syntax/lists/system_errnos.list (limited to 'contrib')
diff --git a/contrib/syntax/files/example.in b/contrib/syntax/files/example.in
new file mode 100644
index 000000000..74bcdc079
--- /dev/null
+++ b/contrib/syntax/files/example.in
@@ -0,0 +1,16 @@
+# @make_input@
+# Example file to check the values of input variables.
+
+FJ_PROFILE_COMMANDS_ARG0 = @FJ_PROFILE_COMMANDS_ARG0@
+
+FJ_PROFILE_COMMANDS_ARG1 = @FJ_PROFILE_COMMANDS_ARG1@
+
+FJ_PROFILE_CONDITIONALS = @FJ_PROFILE_CONDITIONALS@
+
+FJ_PROFILE_MACROS = @FJ_PROFILE_MACROS@
+
+FJ_SYSCALLS = @FJ_SYSCALLS@
+
+FJ_SYSCALL_GROUPS = @FJ_SYSCALL_GROUPS@
+
+FJ_SYSTEM_ERRNOS = @FJ_SYSTEM_ERRNOS@
diff --git a/contrib/syntax/lists/profile_commands_arg0.list b/contrib/syntax/lists/profile_commands_arg0.list
new file mode 100644
index 000000000..a402671a6
--- /dev/null
+++ b/contrib/syntax/lists/profile_commands_arg0.list
@@ -0,0 +1,50 @@ +allow-debuggers +allusers +apparmor +apparmor-replace +apparmor-stack +caps +deterministic-exit-code +deterministic-shutdown +disable-mnt +ipc-namespace +keep-config-pulse +keep-dev-shm +keep-var-tmp +machine-id +memory-deny-write-execute +netfilter +netlock +no3d +noautopulse +nodbus +nodvd +nogroups +noinput +nonewprivs +noprinters +noroot +nosound +notv +nou2f +novideo +overlay +overlay-tmpfs +private +private-cache +private-cwd +private-dev +private-etc +private-lib +private-tmp +quiet +restrict-namespaces +seccomp +seccomp\.block-secondary +tab +tracelog +writable-etc +writable-run-user +writable-var +writable-var-log +x11 diff --git a/contrib/syntax/lists/profile_commands_arg1.list b/contrib/syntax/lists/profile_commands_arg1.list new file mode 100644 index 000000000..c703f2257 --- /dev/null +++ b/contrib/syntax/lists/profile_commands_arg1.list @@ -0,0 +1,76 @@ +apparmor +bind +blacklist +blacklist-nolog +caps.drop +caps.keep +cpu +dbus-system.broadcast +dbus-system.call +dbus-system.own +dbus-system.see +dbus-system.talk +dbus-user.broadcast +dbus-user.call +dbus-user.own +dbus-user.see +dbus-user.talk +defaultgw +dns +env +hostname +hosts-file +ignore +include +ip +ip6 +iprange +join-or-start +keep-fd +mac +mkdir +mkfile +mtu +name +net +netfilter +netfilter6 +netmask +netns +nice +noblacklist +noexec +nowhitelist +overlay-named +private +private-bin +private-cwd +private-etc +private-home +private-lib +private-opt +private-srv +protocol +read-only +read-write +restrict-namespaces +rlimit-as +rlimit-cpu +rlimit-fsize +rlimit-nofile +rlimit-nproc +rlimit-sigpending +rmenv +seccomp +seccomp-error-action +seccomp.32 +seccomp.32.drop +seccomp.32.keep +seccomp.drop +seccomp.keep +timeout +tmpfs +veth-name +whitelist +whitelist-ro +xephyr-screen diff --git a/contrib/syntax/lists/profile_conditionals.list b/contrib/syntax/lists/profile_conditionals.list new file mode 100644 index 000000000..2cae76c96 --- /dev/null 
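Review bot: `seccomp\.block-secondary` in profile_commands_arg0.list is the only entry in any of the lists that carries a regex-escaped dot; profile_commands_arg1.list keeps its dots literal (`caps.drop`, `seccomp.32.keep`, `dbus-user.talk`). If the lists are meant to hold plain command names, the arg0 recipe is presumably passing through an escape from the source it extracts from and should strip it, so the entry reads `seccomp.block-secondary`. If they are instead meant to be spliced into a syntax regex, the arg1 entries need the same escaping, since an unescaped `.` matches any character and would highlight misspelled seccomp/caps/dbus directives in a sandbox profile as valid. The recipes are outside this view (the patch is limited to 'contrib'), so this is inferred from the generated output alone.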
+++ b/contrib/syntax/lists/profile_conditionals.list @@ -0,0 +1,9 @@ +ALLOW_TRAY +BROWSER_ALLOW_DRM +BROWSER_DISABLE_U2F +HAS_APPIMAGE +HAS_NET +HAS_NODBUS +HAS_NOSOUND +HAS_PRIVATE +HAS_X11 diff --git a/contrib/syntax/lists/profile_macros.list b/contrib/syntax/lists/profile_macros.list new file mode 100644 index 000000000..4ba780f11 --- /dev/null +++ b/contrib/syntax/lists/profile_macros.list @@ -0,0 +1,10 @@ +CFG +DESKTOP +DOCUMENTS +DOWNLOADS +HOME +MUSIC +PATH +PICTURES +RUNUSER +VIDEOS diff --git a/contrib/syntax/lists/syscall_groups.list b/contrib/syntax/lists/syscall_groups.list new file mode 100644 index 000000000..fb42ae5f7 --- /dev/null +++ b/contrib/syntax/lists/syscall_groups.list @@ -0,0 +1,29 @@ +aio +basic-io +chown +clock +cpu-emulation +debug +default +default-keep +default-nodebuggers +file-system +io-event +ipc +keyring +memlock +module +mount +network-io +obsolete +privileged +process +raw-io +reboot +resources +setuid +signal +swap +sync +system-service +timer diff --git a/contrib/syntax/lists/syscalls.list b/contrib/syntax/lists/syscalls.list new file mode 100644 index 000000000..abb740b24 --- /dev/null +++ b/contrib/syntax/lists/syscalls.list 
@@ -0,0 +1,454 @@ +_llseek +_newselect +_sysctl +accept +accept4 +access +acct +add_key +adjtimex +afs_syscall +alarm +arch_prctl +arm_fadvise64_64 +arm_sync_file_range +bdflush +bind +bpf +break +brk +capget +capset +chdir +chmod +chown +chown32 +chroot +clock_adjtime +clock_adjtime64 +clock_getres +clock_getres_time64 +clock_gettime +clock_gettime64 +clock_nanosleep +clock_nanosleep_time64 +clock_settime +clock_settime64 +clone +clone3 +close +close_range +connect +copy_file_range +creat +create_module +delete_module +dup +dup2 +dup3 +epoll_create +epoll_create1 +epoll_ctl +epoll_ctl_old +epoll_pwait +epoll_pwait2 +epoll_wait +epoll_wait_old +eventfd +eventfd2 +execve +execveat +exit +exit_group +faccessat +faccessat2 +fadvise64 +fadvise64_64 +fallocate +fanotify_init +fanotify_mark +fchdir +fchmod +fchmodat +fchown +fchown32 +fchownat +fcntl +fcntl64 +fdatasync +fgetxattr +finit_module +flistxattr +flock +fork +fremovexattr +fsconfig +fsetxattr +fsmount +fsopen +fspick +fstat +fstat64 +fstatat64 +fstatfs +fstatfs64 +fsync +ftime +ftruncate +ftruncate64 +futex +futex_time64 +futex_waitv +futimesat +get_kernel_syms +get_mempolicy +get_robust_list +get_thread_area +getcpu +getcwd +getdents +getdents64 +getegid +getegid32 +geteuid +geteuid32 +getgid +getgid32 +getgroups +getgroups32 +getitimer +getpeername +getpgid +getpgrp +getpid +getpmsg +getppid +getpriority +getrandom +getresgid +getresgid32 +getresuid +getresuid32 +getrlimit +getrusage +getsid +getsockname +getsockopt +gettid +gettimeofday +getuid +getuid32 +getxattr +gtty +idle +init_module +inotify_add_watch +inotify_init +inotify_init1 +inotify_rm_watch +io_cancel +io_destroy +io_getevents +io_pgetevents +io_pgetevents_time64 +io_setup +io_submit +io_uring_enter +io_uring_register +io_uring_setup +ioctl +ioperm +iopl +ioprio_get +ioprio_set +ipc +kcmp +kexec_file_load +kexec_load +keyctl +kill +landlock_add_rule +landlock_create_ruleset +landlock_restrict_self +lchown +lchown32 +lgetxattr +link +linkat 
+listen +listxattr +llistxattr +lock +lookup_dcookie +lremovexattr +lseek +lsetxattr +lstat +lstat64 +madvise +mbind +membarrier +memfd_create +migrate_pages +mincore +mkdir +mkdirat +mknod +mknodat +mlock +mlock2 +mlockall +mmap +mmap2 +modify_ldt +mount +mount_setattr +move_mount +move_pages +mprotect +mpx +mq_getsetattr +mq_notify +mq_open +mq_timedreceive +mq_timedreceive_time64 +mq_timedsend +mq_timedsend_time64 +mq_unlink +mremap +msgctl +msgget +msgrcv +msgsnd +msync +munlock +munlockall +munmap +name_to_handle_at +nanosleep +newfstatat +nfsservctl +nice +oldfstat +oldlstat +oldolduname +oldstat +olduname +open +open_by_handle_at +open_tree +openat +openat2 +pause +pciconfig_iobase +pciconfig_read +pciconfig_write +perf_event_open +personality +pidfd_getfd +pidfd_open +pidfd_send_signal +pipe +pipe2 +pivot_root +pkey_alloc +pkey_free +pkey_mprotect +poll +ppoll +ppoll_time64 +prctl +pread64 +preadv +preadv2 +prlimit64 +process_madvise +process_mrelease +process_vm_readv +process_vm_writev +prof +profil +pselect6 +pselect6_time64 +ptrace +putpmsg +pwrite64 +pwritev +pwritev2 +query_module +quotactl +quotactl_fd +read +readahead +readdir +readlink +readlinkat +readv +reboot +recv +recvfrom +recvmmsg +recvmmsg_time64 +recvmsg +remap_file_pages +removexattr +rename +renameat +renameat2 +request_key +restart_syscall +rmdir +rseq +rt_sigaction +rt_sigpending +rt_sigprocmask +rt_sigqueueinfo +rt_sigreturn +rt_sigsuspend +rt_sigtimedwait +rt_sigtimedwait_time64 +rt_tgsigqueueinfo +sched_get_priority_max +sched_get_priority_min +sched_getaffinity +sched_getattr +sched_getparam +sched_getscheduler +sched_rr_get_interval +sched_rr_get_interval_time64 +sched_setaffinity +sched_setattr +sched_setparam +sched_setscheduler +sched_yield +seccomp +security +select +semctl +semget +semop +semtimedop +semtimedop_time64 +send +sendfile +sendfile64 +sendmmsg +sendmsg +sendto +set_mempolicy +set_robust_list +set_thread_area +set_tid_address +setdomainname +setfsgid +setfsgid32 
+setfsuid +setfsuid32 +setgid +setgid32 +setgroups +setgroups32 +sethostname +setitimer +setns +setpgid +setpriority +setregid +setregid32 +setresgid +setresgid32 +setresuid +setresuid32 +setreuid +setreuid32 +setrlimit +setsid +setsockopt +settimeofday +setuid +setuid32 +setxattr +sgetmask +shmat +shmctl +shmdt +shmget +shutdown +sigaction +sigaltstack +signal +signalfd +signalfd4 +sigpending +sigprocmask +sigreturn +sigsuspend +socket +socketcall +socketpair +splice +ssetmask +stat +stat64 +statfs +statfs64 +statx +stime +stty +swapoff +swapon +symlink +symlinkat +sync +sync_file_range +syncfs +sysfs +sysinfo +syslog +tee +tgkill +time +timer_create +timer_delete +timer_getoverrun +timer_gettime +timer_gettime64 +timer_settime +timer_settime64 +timerfd_create +timerfd_gettime +timerfd_gettime64 +timerfd_settime +timerfd_settime64 +times +tkill +truncate +truncate64 +tuxcall +ugetrlimit +ulimit +umask +umount +umount2 +uname +unlink +unlinkat +unshare +uselib +userfaultfd +ustat +utime +utimensat +utimensat_time64 +utimes +vfork +vhangup +vm86 +vm86old +vmsplice +vserver +wait4 +waitid +waitpid +write +writev diff --git a/contrib/syntax/lists/system_errnos.list b/contrib/syntax/lists/system_errnos.list new file mode 100644 index 000000000..f0f816943 --- /dev/null +++ b/contrib/syntax/lists/system_errnos.list 
@@ -0,0 +1,135 @@ +E2BIG +EACCES +EADDRINUSE +EADDRNOTAVAIL +EADV +EAFNOSUPPORT +EAGAIN +EALREADY +EBADE +EBADF +EBADFD +EBADMSG +EBADR +EBADRQC +EBADSLT +EBFONT +EBUSY +ECANCELED +ECHILD +ECHRNG +ECOMM +ECONNABORTED +ECONNREFUSED +ECONNRESET +EDEADLK +EDEADLOCK +EDESTADDRREQ +EDOM +EDOTDOT +EDQUOT +EEXIST +EFAULT +EFBIG +EHOSTDOWN +EHOSTUNREACH +EHWPOISON +EIDRM +EILSEQ +EINPROGRESS +EINTR +EINVAL +EIO +EISCONN +EISDIR +EISNAM +EKEYEXPIRED +EKEYREJECTED +EKEYREVOKED +EL2HLT +EL2NSYNC +EL3HLT +EL3RST +ELIBACC +ELIBBAD +ELIBEXEC +ELIBMAX +ELIBSCN +ELNRNG +ELOOP +EMEDIUMTYPE +EMFILE +EMLINK +EMSGSIZE +EMULTIHOP +ENAMETOOLONG +ENAVAIL +ENETDOWN +ENETRESET +ENETUNREACH +ENFILE +ENOANO +ENOATTR +ENOBUFS +ENOCSI +ENODATA +ENODEV +ENOENT +ENOEXEC +ENOKEY +ENOLCK +ENOLINK +ENOMEDIUM +ENOMEM +ENOMSG +ENONET +ENOPKG +ENOPROTOOPT +ENOSPC +ENOSR +ENOSTR +ENOSYS +ENOTBLK +ENOTCONN +ENOTDIR +ENOTEMPTY +ENOTNAM +ENOTRECOVERABLE +ENOTSOCK +ENOTSUP +ENOTTY +ENOTUNIQ +ENXIO +EOPNOTSUPP +EOVERFLOW +EOWNERDEAD +EPERM +EPFNOSUPPORT +EPIPE +EPROTO +EPROTONOSUPPORT +EPROTOTYPE +ERANGE +EREMCHG +EREMOTE +EREMOTEIO +ERESTART +ERFKILL +EROFS +ESHUTDOWN +ESOCKTNOSUPPORT +ESPIPE +ESRCH +ESRMNT +ESTALE +ESTRPIPE +ETIME +ETIMEDOUT +ETOOMANYREFS +ETXTBSY +EUCLEAN +EUNATCH +EUSERS +EWOULDBLOCK +EXDEV +EXFULL -- cgit v1.2.3-54-g00ecf