blob: bdd3b7dabe2fab1ad09df67e66871d7e3c86e0e0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
_setpriv_module()
{
local cur prev OPTS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
case $prev in
'--inh-caps'|'--bounding-set')
local prefix realcur INHERIT_ALL INHERIT
realcur="${cur##*,}"
prefix="${cur%$realcur}"
INHERIT_ALL=$($1 --list-caps| awk '{print $1, "-" $1}')
for WORD in $INHERIT_ALL; do
if ! [[ $prefix == *"$WORD"* ]]; then
INHERIT="$WORD $INHERIT"
fi
done
compopt -o nospace
COMPREPLY=( $(compgen -P "$prefix" -W "$INHERIT" -S ',' -- $realcur) )
return 0
;;
'--ruid'|'--euid'|'--reuid')
local UIDS
UIDS=$(getent passwd | awk -F: '{print $3}')
COMPREPLY=( $(compgen -W "$UIDS" -- $cur) )
return 0
;;
'--rgid'|'--egid'|'--regid')
local GIDS
GIDS=$(getent group | awk -F: '{print $3}')
COMPREPLY=( $(compgen -W "$GIDS" -- $cur) )
return 0
;;
'--groups')
local prefix realcur GIDS_ALL GIDS
realcur="${cur##*,}"
prefix="${cur%$realcur}"
GIDS_ALL=$(getent group | awk -F: '{print $3}')
for WORD in $GIDS_ALL; do
if ! [[ $prefix == *"$WORD"* ]]; then
GIDS="$WORD $GIDS"
fi
done
compopt -o nospace
COMPREPLY=( $(compgen -P "$prefix" -W "$GIDS" -S ',' -- $realcur) )
return 0
;;
'--securebits')
local SBITS
SBITS="noroot noroot_locked no_setuid_fixup no_setuid_fixup_locked keep_caps_locked
-noroot -noroot_locked -no_setuid_fixup -no_setuid_fixup_locked -keep_caps_locked"
COMPREPLY=( $(compgen -W "$SBITS" -- $cur) )
return 0
;;
'--selinux-label')
# FIXME: how to list selinux labels?
COMPREPLY=( $(compgen -W "label" -- $cur) )
return 0
;;
'--apparmor-profile')
# FIXME: how to list apparmor profiles?
COMPREPLY=( $(compgen -W "profile" -- $cur) )
return 0
;;
'-h'|'--help'|'-V'|'--version')
return 0
;;
esac
case $cur in
-*)
OPTS="--dump
--no-new-privs
--inh-caps
--bounding-set
--ruid
--euid
--rgid
--egid
--reuid
--regid
--clear-groupsclear
--keep-groupskeep
--groups
--securebits
--selinux-label
--apparmor-profile
--help
--version"
COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) )
return 0
;;
esac
compopt -o bashdefault
COMPREPLY=( $(compgen -c -- $cur) )
return 0
}
complete -F _setpriv_module setpriv
|