blob: 61c37f98fdd2cec723c3eddc48f7a688352f5cbc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
<?xml version="1.0" encoding="UTF-8"?>
<!-- vim: set ts=2 sts=2 sw=2 et: -->
<!--
https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-tutorial.md
https://gitlab.gnome.org/GNOME/gtksourceview/-/blob/master/docs/lang-reference.md
-->
<language id="firejail-profile" name="Firejail Profile" version="2.0" _section="Other">
<metadata>
<property name="mimetypes">text/plain;text/x-firejail-profile</property>
<property name="globs">*.profile;*.local;*.inc</property>
<property name="line-comment-start">#</property>
</metadata>
<styles>
<style id="comment" name="Comment" map-to="def:comment"/>
<style id="condition" name="Condition" map-to="def:preprocessor"/>
<style id="command" name="Command" map-to="def:keyword"/>
<style id="invalid" name="Invalid" map-to="def:error"/>
</styles>
<definitions>
<define-regex id="commands-with-arguments" extended="true">
(apparmor|bind|blacklist-nolog|blacklist|caps.drop|caps.keep|cpu|dbus-system.broadcast|dbus-system.call|dbus-system.own|dbus-system.see|dbus-system.talk|dbus-system|dbus-user.broadcast|dbus-user.call|dbus-user.own|dbus-user.see|dbus-user.talk|dbus-user|defaultgw|dns|env|hostname|hosts-file|ignore|include|ip6|ip|iprange|join-or-start|keep-fd|mac|mkdir|mkfile|mtu|name|net|netfilter6|netfilter|netmask|netns|nice|noblacklist|noexec|nowhitelist|overlay-named|private-bin|private-cwd|private-etc|private-home|private-lib|private-opt|private-srv|private|protocol|read-only|read-write|restrict-namespaces|rlimit-as|rlimit-cpu|rlimit-fsize|rlimit-nofile|rlimit-nproc|rlimit-sigpending|rlimit|rmenv|seccomp-error-action|seccomp.32.drop|seccomp.32.keep|seccomp.32|seccomp.drop|seccomp.keep|seccomp|shell|timeout|tmpfs|veth-name|whitelist-ro|whitelist|x11|xephyr-screen)
</define-regex>
<define-regex id="commands-without-arguments" extended="true">
(allow-debuggers|allusers|apparmor|caps|deterministic-exit-code|deterministic-shutdown|disable-mnt|ipc-namespace|keep-config-pulse|keep-dev-shm|keep-fd|keep-var-tmp|machine-id|memory-deny-write-execute|netfilter|no3d|noautopulse|nodbus|nodvd|nogroups|noinput|nonewprivs|noprinters|noroot|nosound|notv|nou2f|novideo|overlay-tmpfs|overlay|private-cache|private-cwd|private-dev|private-lib|private-tmp|private|quiet|restrict-namespaces|seccomp.32|seccomp.block-secondary|seccomp|tab|tracelog|writable-etc|writable-run-user|writable-var-log|writable-var|x11)
</define-regex>
<define-regex id="conditions" extended="true">
(ALLOW_TRAY|BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11)
</define-regex>
<context id="conditional-line">
<match>\?(?P<condition>\%{conditions}): </match>
<include>
<context sub-pattern="condition" style-ref="condition"/>
</include>
</context>
<context id="command-with-args">
<match>(?P<command>\%{commands-with-arguments}) (?P<args>.+)</match>
<include>
<context sub-pattern="command" style-ref="command"/>
</include>
</context>
<context id="command-without-args">
<match dupnames="true">(?P<command>\%{commands-without-arguments})</match>
<include>
<context sub-pattern="command" style-ref="command"/>
</include>
</context>
<context id="invalid" style-ref="invalid">
<match>.+</match>
</context>
<context id="firejail-profile" class="no-spell-check">
<include>
<context ref="def:shell-like-comment"/>
<context ref="conditional-line"/>
<context ref="command-with-args"/>
<context ref="command-without-args"/>
<context ref="invalid"/>
</include>
</context>
</definitions>
</language>
|