Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [PATCH 1/2] Introduce new completion for Linux task capabilities



On Fri, Feb 26, 2021 at 03:50:18PM +0000, Daniel Shahaf wrote:
> Arseny Maslennikov wrote on Fri, Feb 26, 2021 at 10:55:57 +0300:
> > The next patch introduces a completion for setpriv(1), which actively
> > uses _capability_names. As for _capabilities,
> 
> (The difference is _capability_names just returns the names in an
> array, while _capabilities actually adds them as completions.)
> 
> > there are currently no
> > users of this function, but I believe some utilities that handle caps
> > may actually want to use it (neither setpriv(1) nor setcap/getcap(8),
> > for instance, want to offer the cap names themselves as completion
> > results; instead they want to prefix each name or a comma-separated
> > sequence of names),
> 
> FWIW, I think it may well be possible to write _setpriv in terms of
> _capabilities as a black box, using some combination of _sequence,
> matchspecs, «compadd -P», et al..

Do you mean invoking «_capabilities -O array_name» to pass the -O to
compadd, and then using the array_name in _setpriv and possible future
users?
As far as I understand, in that case _capabilities will have to avoid
looping over tag labels, i. e. calling _wanted, as it does now.

> 
> As to setcap(8), it uses cap_from_text(3), which is a more elaborate
> format that presumably deserves its own completion function, to be used
> by any tool that uses that library function.

I'm likely not ready to write one just yet, but I agree.

> 
> To be clear, I'm not asking for anything to be changed.  (Others might,
> of course.)
> 
> > and if not yet — it is still available to be manually compdeffed.
> 
> So you pronounce "compdef" with the stress on the second syllable?

Yes, I do.
Never had the chance to hear the word in oral speech, though. :)

Come to think of it, considering the "comp" prefix is quite common in
our completion system, it doesn't make a lot of sense to stress "comp".

> 
> > +++ b/Completion/Linux/Type/_capabilities
> > @@ -0,0 +1,10 @@
> > +#autoload
> > +
> > +if [[ $OSTYPE != linux* ]]; then
> > +    _default; return
> > +fi
> 
> Why?  The code doesn't use /proc or /sbin/some-linux-only-tool, and
> having this guard prevents people on other OSTYPE's from completing «ssh
> $linuxbox foo --with-capability=<TAB>».

I intended to play nice in case unrelated "capabilities" are present (or
introduced later) on those OSTYPE's and pulled Oliver's trick from the
recently posted _unshare. There might be a better way to do it; I'm open
to discussion.

> 
> > +++ b/Completion/Linux/Type/_capability_names
> > @@ -0,0 +1,20 @@
> > +#autoload
> > +
> > +_capability_names() {
> > +  # Stores an array of Linux task capability names under a parameter
> > +  # named by the first argument.
> > +
> > +  # The list of Linux capabilities is taken from include/uapi/linux/capability.h
> > +  # and subject to the following pipe filter:
> > +  # grep 'define CAP' | sed -r 's/^[[:space:]]*#define[[:space:]]+//; s/[[:space:]]+[0-9]+$//' | tr '[[:upper:]]' '[[:lower:]]'

A nitpick to myself:
For simplicity I did not mention that this filter still appends between 3 and
6 lines to the desired output; they are of technical value and of no
use to us since they do not contain cap names, and can be stripped manually.

> > +  local -a C=(
> 
> Please use a longer, meaningful variable name.

OK.

> 
> > +    cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore
> 
> Suggest to list these one per line, because:
> 
> - Some interfaces (e.g., https://github.com/zsh-users/zsh/) support
>   line-based blame but not word-based blame (`git log -S`).
> 
> - If capabilities are ever removed, the diff removing them would be
>   clearer.
> 
> In terms of the filter, that's just «| xargs -n1».

I'd personally like them being listed one per line, too. Will do.

> 
> > +  )
> > +  set -A "$1" "${(@)C}"
> 
> Handle the case that no arguments were passed — e.g., by doing ${1:-reply}.

OK.

> 
> I'll leave reviewing 2/2 to someone else.

Ok; I'm going to send a revised series once 2/2 is reviewed in case
there are any problems with it.

> 
> Thanks for the patch,
> 
> Daniel

Attachment: signature.asc
Description: PGP signature



Messages sorted by: Reverse Date, Date, Thread, Author