_setpriv_module()
{
	local cur prev OPTS
	COMPREPLY=()
	cur="${COMP_WORDS[COMP_CWORD]}"
	prev="${COMP_WORDS[COMP_CWORD-1]}"
	case $prev in
		'--ambient-caps'|'--inh-caps'|'--bounding-set')
			local prefix realcur INHERIT_ALL INHERIT
			realcur="${cur##*,}"
			prefix="${cur%$realcur}"
			INHERIT_ALL=$($1 --list-caps| awk '{print $1, "-" $1}')
			for WORD in $INHERIT_ALL; do
				if ! [[ $prefix == *"$WORD"* ]]; then
					INHERIT="$WORD ${INHERIT:-""}"
				fi
			done
			compopt -o nospace
			COMPREPLY=( $(compgen -P "$prefix" -W "$INHERIT" -S ',' -- $realcur) )
			return 0
			;;
		'--ruid'|'--euid'|'--reuid')
			local UIDS
			UIDS=$(getent passwd | awk -F: '{print $1}')
			COMPREPLY=( $(compgen -W "$UIDS" -- $cur) )
			return 0
			;;
		'--rgid'|'--egid'|'--regid')
			local GIDS
			GIDS=$(getent group | awk -F: '{print $1}')
			COMPREPLY=( $(compgen -W "$GIDS" -- $cur) )
			return 0
			;;
		'--groups')
			local prefix realcur GIDS_ALL GIDS
			realcur="${cur##*,}"
			prefix="${cur%$realcur}"
			GIDS_ALL=$(getent group | awk -F: '{print $3}')
			for WORD in $GIDS_ALL; do
				if ! [[ $prefix == *"$WORD"* ]]; then
					GIDS="$WORD ${GIDS:-""}"
				fi
			done
			compopt -o nospace
			COMPREPLY=( $(compgen -P "$prefix" -W "$GIDS" -S ',' -- $realcur) )
			return 0
			;;
		'--securebits')
			local prefix realcur SBITS_ALL SBITS WORD
			realcur="${cur##*,}"
			prefix="${cur%$realcur}"
			SBITS_ALL="
				{+,-}keep_caps_locked
				{+,-}noroot
				{+,-}noroot_locked
				{+,-}no_setuid_fixup
				{+,-}no_setuid_fixup_locked
			"
			for WORD in $SBITS_ALL; do
				if ! [[ $prefix == *"$WORD"* ]]; then
					SBITS="$WORD ${SBITS:-""}"
				fi
			done
			compopt -o nospace
			COMPREPLY=( $(compgen -P "$prefix" -W "$SBITS" -S ',' -- $realcur) )
			return 0
			;;
		'--pdeathsig')
			local i signals
			for i in $(kill -l); do
				case $i in
					SIG*)
						signals+="$i "
					;;
				esac
			done
			COMPREPLY=( $(compgen -W "keep clear $signals" -- $cur) )
			return 0
			;;
		'--selinux-label')
			# FIXME: how to list selinux labels?
			COMPREPLY=( $(compgen -W "label" -- $cur) )
			return 0
			;;
		'--apparmor-profile')
			# FIXME: how to list apparmor profiles?
			COMPREPLY=( $(compgen -W "profile" -- $cur) )
			return 0
			;;
		'-h'|'--help'|'-V'|'--version')
			return 0
			;;
	esac
	case $cur in
		-*)
			OPTS="--dump
				--no-new-privs
				--ambient-caps
				--inh-caps
				--bounding-set
				--ruid
				--euid
				--rgid
				--egid
				--reuid
				--regid
				--clear-groupsclear
				--keep-groupskeep
				--groups
				--securebits
				--pdeathsig
				--reset-env
				--selinux-label
				--apparmor-profile
				--help
				--version"
			COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) )
			return 0
			;;
	esac
	compopt -o bashdefault
	COMPREPLY=( $(compgen -c -- $cur) )
	return 0
}
complete -F _setpriv_module setpriv