update apparmor.vim to support "capability," (which allows all

capabilities). The rule will be marked in the "dangerous capability" color. Additionally, the patch removes the (already commented out) code for "set capability". Acked-by: Kees Cook <kees@ubuntu.com>
2025-03-04 08:24:42 +01:00 · 2012-02-15 23:44:39 +01:00 · 2012-02-15 23:44:39 +01:00 · 4d406621ee
commit 4d406621ee
parent e074def743
1 changed files with 2 additions and 3 deletions
--- a/utils/vim/apparmor.vim.in
+++ b/utils/vim/apparmor.vim.in
@ -135,9 +135,8 @@ syn keyword sdCapDanger	       @@sdKapKeyDanger@@

 " full line. Keywords are from sdCapKey + sdCapDanger
 syn match  sdCap /\v^\s*@@auditdeny@@capability\s+(@@sdKapKeyRegex@@)@@EOL@@/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" set capability was removed - TODO: remove everywhere in apparmor.vim
-" syn match  sdSetCap /\v^\s*set\s+capability\s+(@@sdKapKeyRegex@@)@@EOL@@/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
+" all capabilities ('capability' without any keyword)
+syn match  sdCapDanger /\v^\s*@@auditdeny@@capability@@EOL@@/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude

 " Network line
 " Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)