mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Zbyniu Krzystolik <zbyniu@pld-linux.org>

Browse Source 
Added missing capabilities names.
Simple rlimits support.  It doesn't care about range of individual limit, 
you can add ie -100G stack size or 100M nice. But maybe sufficient?
This commit is contained in:
John Johansen 2008-06-09 23:30:35 +00:00
parent 2781d88abc
commit e663e7c0b0
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
utils/apparmor.vim
View File

@ -38,6 +38,7 @@ hi sdEntryW ctermfg=yellow
"hi sdCap ctermfg=lightblue
"hi sdCapKey cterm=underline ctermfg=lightblue
hi link sdCapKey Label
hi link sdLimKey Label
hi def link sdEntryR Normal
hi sdError cterm=bold ctermbg=red
hi link sdFlagKey Label
@ -48,9 +49,11 @@ hi sdCapDanger ctermfg=red
" that many rules and profiles shouldn't be _extremely_ large...
syn sync fromstart
syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin
syn keyword sdCapDanger sys_admin
syn keyword sdLimKey cpu fsize data stack core rss nofile ofile as nproc memlock locks sigpending msgqueue nice rtprio
syn keyword sdFlagKey complain audit debug
" highlight some invalid syntax
@ -60,7 +63,7 @@ syn match sdError /}/
syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]/
syn cluster sdEntry contains=sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryUX,sdCap
syn cluster sdEntry contains=sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryUX,sdCap,sdLim
" unconstrained entry, flag the line red
syn match sdEntryUX /\v^\s*\/\S*\s+(l|r|w|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contained contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
@ -74,6 +77,8 @@ syn match sdError /\v^\s*\/\S*\s+(l|r|w|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contain
syn match sdEntryW /\v^\s*\/\S*\s+(l|r|w)+\s*,(\s*$|(\s*#.*$)\@=)/ contained contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
" Capability line
syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contained contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError
" Rlimits
syn match sdLim /\v^\s*set\s+rlimit\s+\S+\s*\<\=\s*(|-)[0-9]+(|K|M|G)+\s*,(\s*$|(\s*#.*$)\@=)/ contained contains=sdLimKey nextgroup=@sdEntry,sdComment,sdError
" read entry, no highlighting
syn match sdEntryR /\v^\s*\/\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contained contains=sdGlob nextgroup=@sdEntry,sdComment,sdError