Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

[PATCH v2 2/3] Introduce new completion for setpriv(1) on Linux

X-seq: zsh-workers 48210
From: Arseny Maslennikov <ar@xxxxxxxxx>
To: zsh-workers@xxxxxxx
Cc: Arseny Maslennikov <ar@xxxxxxxxx>
Subject: [PATCH v2 2/3] Introduce new completion for setpriv(1) on Linux
Date: Sun, 21 Mar 2021 16:01:30 +0300
Archived-at: <https://zsh.org/workers/48210>
Archived-at: <http://www.zsh.org/sympa/arcsearch_id/zsh-workers/2021-03/20210321130131.1667276-2-ar%40cs.msu.ru>
In-reply-to: <20210321130131.1667276-1-ar@cs.msu.ru>
List-id: <zsh-workers.zsh.org>
References: <20210321130131.1667276-1-ar@cs.msu.ru>

This is a utility from util-linux which sets or queries various Linux
process privilege settings that are inherited across execve(2). More
info is available in the corresponding manual page[1].

[1] https://man7.org/linux/man-pages/man1/setpriv.1.html
---
Changes since v1:
* Code style and grammar adjustments to comply with Etc/completion-style-guide.
* The code now uses compset -P to handle -/+ when completing caps and
  prctl securebits.
* The argument to --groups is completed correctly.
* In addition to named capabilities, the pattern cap_[0-9]+ is
  completed.

 Completion/Linux/Command/_setpriv | 100 ++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 Completion/Linux/Command/_setpriv

diff --git a/Completion/Linux/Command/_setpriv b/Completion/Linux/Command/_setpriv
new file mode 100644
index 000000000..f42e02cc8
--- /dev/null
+++ b/Completion/Linux/Command/_setpriv
@@ -0,0 +1,100 @@
+#compdef setpriv
+
+__setpriv_prctl_securebits_set_elements() {
+  local -a expl
+  local -a bits
+
+  bits=(
+      noroot noroot_locked
+      no_setuid_fixup no_setuid_fixup_locked
+      keep_caps_locked
+  )
+
+  if ! compset -P '[+-]'; then
+    _description minus-or-plus expl "-/+"
+    compadd "${(@)expl}" -qS '' {+,-}
+    return
+  fi
+
+  _description minus-plus-securebits expl "prctl securebit"
+  compadd "${(@)expl}" "$@" -a - bits
+}
+
+__setpriv_numbered_caps() {
+  # The cap_ prefix.
+  # We override the suffix from _sequence with -S '' to stay adjacent
+  # to the following number.
+  if ! compset -P cap_; then
+    compadd -S '' "$@" -n - cap_
+    return
+  fi
+  # A capability number; i.e. a non-negative integer.
+  # We can't complete integers, so no matches.
+  if ! compset -P '[0-9]##'; then
+    local -a expl
+    _description -x numbers expl "capability number"
+    compadd -S '' "${(@)expl}" -n -
+    return
+  fi
+  # The numbered cap expression is complete.
+  compadd "$@" -n - ''
+}
+
+__setpriv_cap_set_elements() {
+  # '-' or '+', followed by one of the following:
+  # - a capability name
+  # - the word 'all'
+  # - 'cap_[0-9]+' (to specify unknown capabilities).
+  if ! compset -P '[+-]'; then
+    local -a expl
+    _description minus-or-plus expl "-/+"
+    compadd "${(@)expl}" -qS '' {+,-}
+    return
+  fi
+
+  # We pass through compadd options generated by _sequence.
+  local -a sequence_argv=( "$@" )
+
+  _alternative -O sequence_argv \
+      'special-words:drop/obtain all caps:(all)' \
+      'capabilities: :_capabilities' \
+      'numbered-capabilities:cap_N:__setpriv_numbered_caps' \
+      #
+}
+
+__setpriv_death_signals() {
+  _alternative \
+      'special-words:keep or clear:(keep clear)' \
+      'signals:UNIX signal:_signals' \
+      #
+}
+
+local curcontext="$curcontext" state state_descr line
+typeset -A opt_args
+
+_arguments -C -S \
+  '(- : *)'{-h,--help}'[print help and exit]' \
+  '(- : *)'{-V,--version}'[print version information and exit]' \
+  '(- : *)*'{-d,--dump}'[display the current privilege state]' \
+  '(--groups --init-groups --keep-groups)--clear-groups[clear supplementary groups]' \
+  '(--clear-groups --init-groups --keep-groups)--groups[set supplementary groups]: : _sequence _groups' \
+  '(--clear-groups --groups --init-groups)--keep-groups[preserve supplementary groups]' \
+  '(--clear-groups --groups --keep-groups)--init-groups[initialize supplementary groups]' \
+  '--inh-caps[set inheritable caps]: : _sequence __setpriv_cap_set_elements' \
+  '--ambient-caps[set ambient caps]: : _sequence __setpriv_cap_set_elements' \
+  '--bounding-set[set the cap bounding set]: : _sequence __setpriv_cap_set_elements' \
+  '(- : *)--list-caps[list all known capabilities]' \
+  '--no-new-privs[set NO_NEW_PRIVS]' \
+  '--rgid[set real UNIX group id]:UNIX group:_groups' \
+  '--egid[set effective UNIX group id]:UNIX group:_groups' \
+  '--regid[set real and effective UNIX group id]:UNIX group:_groups' \
+  '--ruid[set real UNIX user id]:UNIX user:_users' \
+  '--euid[set effective UNIX user id]:UNIX user:_users' \
+  '--reuid[set real and effective UNIX user id]:UNIX user:_users' \
+  '--securebits[set "process securebits"]: : _sequence __setpriv_prctl_securebits_set_elements' \
+  '--pdeathsig[keep, clear, or set parent death signal]: : __setpriv_death_signals' \
+  '--selinux-label[request a selinux label]:SELinux labels: ' \
+  '--apparmor-profile[request an apparmor profile]:AppArmor profiles: ' \
+  '--reset-env[set environment as for a classic login shell]' \
+  '*:::command:_normal' \
+  #
-- 
2.31.0

Follow-Ups:
- Re: [PATCH v2 2/3] Introduce new completion for setpriv(1) on Linux
  - From: Mikael Magnusson

References:
- [PATCH v2 1/3] Introduce new completion for Linux task capabilities
  - From: Arseny Maslennikov

Messages sorted by: Reverse Date, Date, Thread, Author