From 4d406621ee85899982b18d1fc0dddc2c79a32799 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Wed, 15 Feb 2012 23:44:39 +0100
Subject: [PATCH] update apparmor.vim to support "capability," (which allows all capabilities). The rule will be marked in the "dangerous capability" color. Additionally, the patch removes the (already commented out) code for "set capability".
Acked-by: Kees Cook
---
 utils/vim/apparmor.vim.in | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/utils/vim/apparmor.vim.in b/utils/vim/apparmor.vim.in
index 54e36a7be..2f3f90ae7 100644
--- a/utils/vim/apparmor.vim.in
+++ b/utils/vim/apparmor.vim.in
@@ -135,9 +135,8 @@ syn keyword sdCapDanger @@sdKapKeyDanger@@
 " full line. Keywords are from sdCapKey + sdCapDanger
 syn match sdCap /\v^\s*@@auditdeny@@capability\s+(@@sdKapKeyRegex@@)@@EOL@@/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-" set capability was removed - TODO: remove everywhere in apparmor.vim
-" syn match sdSetCap /\v^\s*set\s+capability\s+(@@sdKapKeyRegex@@)@@EOL@@/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
+" all capabilities ('capability' without any keyword)
+syn match sdCapDanger /\v^\s*@@auditdeny@@capability@@EOL@@/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 " Network line
 " Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
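Review bot: The added `syn match sdCapDanger` keeps the `@@auditdeny@@` prefix, so if that placeholder expands to the optional audit/deny qualifiers, as its name suggests, a `deny capability,` rule is coloured exactly like the grant-all form. That rule removes every capability, so for someone auditing a profile the danger colour then stops signalling "this widens privilege". The placeholder definitions are outside this hunk, so the expansion should be confirmed there. If it does cover `deny`, consider a separate match for the deny form linked to a neutral group. At minimum, extend the comment to say so, for example `" all capabilities ('capability' without any keyword); also matches the deny form, so the colour marks the rule shape, not its effect`.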