On Fri, Jan 17, 2014 at 12:45:27AM +0100, Christian Boltz wrote: > (and BTW, did you test if apparmor.vim displays all tests from 12/18 > correctly?)
Apparently I missed all the incorrect highlighting vim gave me while
creating those test cases, because no, apparmor.vim does not display
many of them correctly. The following is a patch to address the
shortcomings I found:
Subject: utils: fix apparmor.vim rlimits support
The rlimits syntax checking support in apparmor.vim was broken in
various unhelpful ways:
- lacked support for the 'infinity' keyword (aka RLIM_INFINITY)
- lacked support for the 'ofile' rlimit, an alias for the nofile rlimit
- lacked support for the 'cpu' rlimit (aka RLIMIT_CPU)
- incorrect syntax for nofile|nproc|rtprio rlimits (didn't include
required '<=' between the limit name and value)
- incorrect syntax for specifying optional SI units for size based
rlimits (e.g. 'MB' is required, but syntax only allowed incorrect
'M'; that said, one could argue the parser is overly strict here,
and the pattern should be '[KMG]B?')
(See the setrelimit(2) man page for more details on the specifics of the
rlimit definitions.)
This patch fixes the above issues.
Signed-off-by: Steve Beattie <[email protected]>
---
utils/vim/apparmor.vim.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: b/utils/vim/apparmor.vim.in
===================================================================
--- a/utils/vim/apparmor.vim.in
+++ b/utils/vim/apparmor.vim.in
@@ -155,10 +155,12 @@ syn match sdEntryChangeProfile /\v^
" TODO: audit and deny support will be added (JJ, 2011-01-11)
"
"syn match sdRLimit /\v^\s*rlimit\s+()@@EOL@@/ contains=sdComment
-syn match sdRLimit
/\v^\s*set\s+rlimit\s+(nofile|nproc|rtprio)\s+[0-9]+@@EOL@@/ contains=sdComment
+syn match sdRLimit
/\v^\s*set\s+rlimit\s+(nofile|ofile|nproc|rtprio)\s+\<\=\s+[0-9]+@@EOL@@/
contains=sdComment
syn match sdRLimit
/\v^\s*set\s+rlimit\s+(locks|sigpending)\s+\<\=\s+[0-9]+@@EOL@@/
contains=sdComment
-syn match sdRLimit
/\v^\s*set\s+rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG])?@@EOL@@/
contains=sdComment
+syn match sdRLimit
/\v^\s*set\s+rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG]B)?@@EOL@@/
contains=sdComment
syn match sdRLimit
/\v^\s*set\s+rlimit\s+nice\s+\<\=\s+(-1?[0-9]|-20|1?[0-9])@@EOL@@/
contains=sdComment
+syn match sdRLimit
/\v^\s*set\s+rlimit\s+cpu\s+\<\=\s+[0-9]+(seconds|minutes|hours|days)?@@EOL@@/
contains=sdComment
+syn match sdRLimit
/\v^\s*set\s+rlimit\s+(cpu|nofile|nproc|rtprio|locks|sigpending|fsize|data|stack|core|rss|as|memlock|msgqueue|nice)\s+\<\=\s+infinity@@EOL@@/
contains=sdComment
" link rules
syn match sdEntryW
/\v^\s+@@auditdenyowner@@link\s+(subset\s+)?@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/
contains=sdGlob
--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
