[PATCH 2/2] Introduce new completion for setpriv(1) on Linux

[Arseny Maslennikov <ar@xxxxxxxxx>]

This is a utility from util-linux which sets or queries various Linux
process privilege settings that are inherited across execve(2). More
info is available in the corresponding manual page[1].

[1] https://man7.org/linux/man-pages/man1/setpriv.1.html
---
 Completion/Linux/Command/_setpriv | 88 +++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 Completion/Linux/Command/_setpriv

diff --git a/Completion/Linux/Command/_setpriv b/Completion/Linux/Command/_setpriv
new file mode 100644
index 000000000..8fdd2ed10
--- /dev/null
+++ b/Completion/Linux/Command/_setpriv
@@ -0,0 +1,88 @@
+#compdef setpriv
+
+__setpriv_prctl_securebits_set_element() {
+  local -a expl matches
+  local -a bits
+
+  bits=(noroot noroot_locked
+        no_setuid_fixup no_setuid_fixup_locked
+        keep_caps_locked
+  )
+  matches=( {-,+}"${(@)^bits}" )
+  _wanted minus-plus-securebits expl 'prctl securebits' \
+    compadd "$@" -a - matches
+}
+
+__setpriv_prctl_securebits_set() {
+  _sequence __setpriv_prctl_securebits_set_element
+}
+
+__setpriv_capability_expressions() {
+  # Nonlocal expl; _description call expected.
+  local -a caps matches
+
+  _capability_names caps
+  # Strip the prefix "cap_" from every array element.
+  # For every element, prepend "-" and "+" to the element.
+  matches=( {-,+}"${(@)^caps#cap_}" )
+  compadd "$@" "${(@)expl}" -a - matches
+}
+
+__setpriv_caps_all() {
+  # Nonlocal expl; _description call expected.
+  local -a names matches
+
+  names=(all)
+  matches=( {-,+}"${(@)^names}" )
+  compadd "$@" "${(@)expl}" -a - matches
+}
+
+__setpriv_cap_set_element() {
+  # We pass through arguments from _sequence.
+  local -a Oargv=( "$@" )
+  _alternative -O Oargv \
+    'special-actions:drop/obtain all caps:__setpriv_caps_all' \
+    'minus-plus-caps:capabilities:__setpriv_capability_expressions' \
+    #
+}
+
+__setpriv_cap_set() {
+  _sequence __setpriv_cap_set_element
+}
+
+__setpriv_death_signals() {
+  _alternative \
+    'special-actions:keep or clear:(keep clear)' \
+    'signals:UNIX signals:_signals' \
+    #
+}
+
+local context state state_descr line
+typeset -A opt_args
+
+_arguments -S \
+  '(- : *)--help[print help and exit]' \
+  '(- : *)'{-V,--version}'[print version information and exit]' \
+  '(- : *)*'{-d,--dump}'[display the current privilege state]' \
+  '--clear-groups[clear supplementary groups]' \
+  '--groups[set supplementary groups]:groups:_groups' \
+  '--inh-caps[set inheritable caps]:capability set: __setpriv_cap_set' \
+  '--ambient-caps[set ambient caps]:capability set: __setpriv_cap_set' \
+  '--bounding-set[set the cap bounding set]:capability set: __setpriv_cap_set' \
+  '(- : *)--list-caps[list all known capabilities]' \
+  '--keep-groups[preserve supplementary groups]' \
+  '--init-groups[initialize supplementary groups]' \
+  '--no-new-privs[set NO_NEW_PRIVS]' \
+  '--rgid[set real UNIX group id]:UNIX group:_groups' \
+  '--egid[set effective UNIX group id]:UNIX group:_groups' \
+  '--regid[set real and effective UNIX group id]:UNIX group:_groups' \
+  '--ruid[set real UNIX user id]:UNIX user:_users' \
+  '--euid[set effective UNIX user id]:UNIX user:_users' \
+  '--reuid[set real and effective UNIX user id]:UNIX user:_users' \
+  '--securebits[set "process securebits"]:prctl securebits:__setpriv_prctl_securebits_set' \
+  '--pdeathsig[keep, clear, or set parent death signal]:signals: __setpriv_death_signals' \
+  '--selinux-label[request a selinux label]:SELinux labels: ' \
+  '--apparmor-profile[request an apparmor profile]:AppArmor profiles: ' \
+  '--reset-env[set environment as for a classic login shell]' \
+  '*:::command:_normal' \
+  #
-- 
2.30.1