mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

apparmor.vim: add support for userns and the unconfined flag

Browse Source
This commit is contained in:
Christian Boltz 2024-05-25 13:48:00 +02:00
parent 38dfa14c60
commit 4cd39e70a0
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
utils/vim/apparmor.vim.in
View File

@ -60,6 +60,7 @@ syntax case match
hi sdCapKey cterm=underline ctermfg=lightblue
hi sdCapDanger ctermfg=darkred
hi sdRLimit ctermfg=lightblue
hi sdUserns ctermfg=darkred
hi def link sdEntryR Normal
hi def link sdEntryK Normal
hi def link sdFlags Normal
@ -116,7 +117,7 @@ syn match sdAlias /\v^\s*alias\s+@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ conta
" List of all (supported) rules inside a profile.
" XXX When adding support for a new rule type, also add it here. XXX
" XXX Otherwise it will be highlighted as an error. XXX
syn cluster sdEntry contains=sdAll,sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile
syn cluster sdEntry contains=sdAll,sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile,sdUserns
" TODO: support audit and deny keywords for all rules (not only for files)
@ -166,6 +167,9 @@ syn match sdRLimit /\v^\s*set\s+rlimit\s+cpu\s+\<\=\s+[0-9]+(seconds|minutes|hou
syn match sdRLimit /\v^\s*set\s+rlimit\s+rttime\s+\<\=\s+[0-9]+(ms|seconds|minutes)?@@EOL@@/ contains=sdComment
syn match sdRLimit /\v^\s*set\s+rlimit\s+(cpu|rttime|nofile|nproc|rtprio|locks|sigpending|fsize|data|stack|core|rss|as|memlock|msgqueue|nice)\s+\<\=\s+infinity@@EOL@@/ contains=sdComment
" userns
syn match sdUserns /\v^\s*@@auditdeny@@userns(\s+create)?@@EOL@@/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
" link rules
syn match sdEntryW /\v^\s+@@auditdenyowner@@link\s+(subset\s+)?@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob,sdComment

1
utils/vim/create-apparmor.vim.py
View File

@ -77,6 +77,7 @@ for af_pair in af_pairs:
aa_network_types = r'\s+tcp|\s+udp|\s+icmp'
aa_flags = ('complain',
'unconfined',
'audit',
'attach_disconnected',
'no_attach_disconnected',