" @make_input@ " Vim syntax file " Language: Firejail security sandbox profile " URL: https://github.com/netblue30/firejail if exists("b:current_syntax") finish endif syn iskeyword @,48-57,_,.,- syn keyword fjTodo TODO FIXME XXX NOTE contained syn match fjComment "#.*$" contains=fjTodo "TODO: highlight "dangerous" capabilities differently, as is done in apparmor.vim? syn keyword fjCapability audit_control audit_read audit_write block_suspend chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mac_admin mac_override mknod net_admin net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog wake_alarm nextgroup=fjCapabilityList contained syn match fjCapabilityList /,/ nextgroup=fjCapability contained syn keyword fjNamespaces cgroup ipc net mnt pid time user uts nextgroup=fjNamespacesList contained syn match fjNamespacesList /,/ nextgroup=fjNamespaces contained syn keyword fjProtocol unix inet inet6 netlink packet nextgroup=fjProtocolList contained syn match fjProtocolList /,/ nextgroup=fjProtocol contained " Syscalls (auto-generated) syn keyword fjSyscall @FJ_SYSCALLS@ nextgroup=fjSyscallErrno contained " Syscall groups (auto-generated) syn match fjSyscall /\v\@(@FJ_SYSCALL_GROUPS@)>/ nextgroup=fjSyscallErrno contained syn match fjSyscall /\$[0-9]\+/ nextgroup=fjSyscallErrno contained " Errnos (auto-generated) syn match fjSyscallErrno /\v(:(@FJ_SYSTEM_ERRNOS@)>)?/ nextgroup=fjSyscallList contained syn match fjSyscallList /,/ nextgroup=fjSyscall contained syn keyword fjX11Sandbox none xephyr xorg xpra xvfb contained syn keyword fjSeccompAction kill log ERRNO contained syn match fjEnvVar "[A-Za-z0-9_]\+=" contained syn match fjRmenvVar "[A-Za-z0-9_]\+" contained syn keyword fjAll all contained syn keyword fjNone none contained syn keyword fjLo lo contained syn keyword fjFilter filter contained " Variable names (auto-generated) syn match fjVar /\v\$\{(@FJ_PROFILE_MACROS@)}/ " Profile commands with 1 argument (auto-generated) syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG1@) / skipwhite contained " Profile commands with 0 arguments (auto-generated) syn match fjCommand /\v(@FJ_PROFILE_COMMANDS_ARG0@)$/ contained syn match fjCommand /ignore / nextgroup=fjCommand,fjCommandNoCond skipwhite contained syn match fjCommand /caps\.drop / nextgroup=fjCapability,fjAll skipwhite contained syn match fjCommand /caps\.keep / nextgroup=fjCapability skipwhite contained syn match fjCommand /protocol / nextgroup=fjProtocol skipwhite contained syn match fjCommand /restrict-namespaces / nextgroup=fjNamespaces skipwhite contained syn match fjCommand /\vseccomp(\.32)?(\.drop|\.keep)? / nextgroup=fjSyscall skipwhite contained syn match fjCommand /x11 / nextgroup=fjX11Sandbox skipwhite contained syn match fjCommand /env / nextgroup=fjEnvVar skipwhite contained syn match fjCommand /rmenv / nextgroup=fjRmenvVar skipwhite contained syn match fjCommand /shell / nextgroup=fjNone skipwhite contained syn match fjCommand /net / nextgroup=fjNone,fjLo skipwhite contained syn match fjCommand /ip / nextgroup=fjNone skipwhite contained syn match fjCommand /seccomp-error-action / nextgroup=fjSeccompAction skipwhite contained syn match fjCommand /\vdbus-(user|system) / nextgroup=fjFilter,fjNone skipwhite contained syn match fjCommand /\vdbus-(user|system)\.(broadcast|call|own|see|talk) / skipwhite contained " Commands that can't be inside a ?CONDITIONAL: statement syn match fjCommandNoCond /include / skipwhite contained syn match fjCommandNoCond /quiet$/ contained " Conditionals (auto-generated) syn match fjConditional /\v\?(@FJ_PROFILE_CONDITIONALS@) ?:/ nextgroup=fjCommand skipwhite contained " A line is either a command, a conditional or a comment syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment hi def link fjTodo Todo hi def link fjComment Comment hi def link fjCommand Statement hi def link fjCommandNoCond Statement hi def link fjConditional Macro hi def link fjVar Identifier hi def link fjCapability Type hi def link fjProtocol Type hi def link fjSyscall Type hi def link fjSyscallErrno Constant hi def link fjX11Sandbox Type hi def link fjEnvVar Type hi def link fjRmenvVar Type hi def link fjAll Type hi def link fjNone Type hi def link fjLo Type hi def link fjFilter Type hi def link fjSeccompAction Type let b:current_syntax = "firejail"