blob: 3be5ccd702a7ffb4658e3ffad628c92d32bd5276 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
_setpriv_module()
{
local cur prev OPTS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
case $prev in
'--inh-caps'|'--bounding-set')
# FIXME: how to append to a string with compgen?
local INHERIT
INHERIT=$(setpriv --list-caps| awk '{print $1, "-" $1}')
compopt -o nospace
COMPREPLY=( $(compgen -W "all $INHERIT" -S ',' -- $cur) )
return 0
;;
'--ruid'|'--euid'|'--reuid')
local UIDS
UIDS=$(getent passwd | awk -F: '{print $3}')
COMPREPLY=( $(compgen -W "$UIDS" -- $cur) )
return 0
;;
'--rgid'|'--egid'|'--regid')
local GIDS
GIDS=$(getent group | awk -F: '{print $3}')
COMPREPLY=( $(compgen -W "$GIDS" -- $cur) )
return 0
;;
'--groups')
# FIXME: how to append to a string with compgen?
local GIDS
GIDS=$(getent group | awk -F: '{print $3}')
compopt -o nospace
COMPREPLY=( $(compgen -W "$GIDS" -S ',' -- $cur) )
return 0
;;
'--securebits')
local SBITS
SBITS="noroot noroot_locked no_setuid_fixup no_setuid_fixup_locked keep_caps_locked
-noroot -noroot_locked -no_setuid_fixup -no_setuid_fixup_locked -keep_caps_locked"
COMPREPLY=( $(compgen -W "$SBITS" -- $cur) )
return 0
;;
'--selinux-label')
# FIXME: how to list selinux labels?
COMPREPLY=( $(compgen -W "label" -- $cur) )
return 0
;;
'--apparmor-profile')
# FIXME: how to list apparmor profiles?
COMPREPLY=( $(compgen -W "profile" -- $cur) )
return 0
;;
'-h'|'--help'|'-V'|'--version')
return 0
;;
esac
case $cur in
-*)
OPTS="--dump
--no-new-privs
--inh-caps
--bounding-set
--ruid
--euid
--rgid
--egid
--reuid
--regid
--clear-groupsclear
--keep-groupskeep
--groups
--securebits
--selinux-label
--apparmor-profile
--help
--version"
COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) )
return 0
;;
esac
compopt -o bashdefault
COMPREPLY=( $(compgen -c -- $cur) )
return 0
}
complete -F _setpriv_module setpriv
|