1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
_setpriv_module()
{
local cur prev OPTS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
case $prev in
'--ambient-caps'|'--inh-caps'|'--bounding-set')
local prefix realcur INHERIT_ALL INHERIT
realcur="${cur##*,}"
prefix="${cur%$realcur}"
INHERIT_ALL=$($1 --list-caps| awk '{print $1, "-" $1}')
for WORD in $INHERIT_ALL; do
if ! [[ $prefix == *"$WORD"* ]]; then
INHERIT="$WORD ${INHERIT:-""}"
fi
done
compopt -o nospace
COMPREPLY=( $(compgen -P "$prefix" -W "$INHERIT" -S ',' -- $realcur) )
return 0
;;
'--ruid'|'--euid'|'--reuid')
local UIDS
UIDS=$(getent passwd | awk -F: '{print $1}')
COMPREPLY=( $(compgen -W "$UIDS" -- $cur) )
return 0
;;
'--rgid'|'--egid'|'--regid')
local GIDS
GIDS=$(getent group | awk -F: '{print $1}')
COMPREPLY=( $(compgen -W "$GIDS" -- $cur) )
return 0
;;
'--groups')
local prefix realcur GIDS_ALL GIDS
realcur="${cur##*,}"
prefix="${cur%$realcur}"
GIDS_ALL=$(getent group | awk -F: '{print $3}')
for WORD in $GIDS_ALL; do
if ! [[ $prefix == *"$WORD"* ]]; then
GIDS="$WORD ${GIDS:-""}"
fi
done
compopt -o nospace
COMPREPLY=( $(compgen -P "$prefix" -W "$GIDS" -S ',' -- $realcur) )
return 0
;;
'--securebits')
local prefix realcur SBITS_ALL SBITS WORD
realcur="${cur##*,}"
prefix="${cur%$realcur}"
SBITS_ALL="
{+,-}keep_caps_locked
{+,-}noroot
{+,-}noroot_locked
{+,-}no_setuid_fixup
{+,-}no_setuid_fixup_locked
"
for WORD in $SBITS_ALL; do
if ! [[ $prefix == *"$WORD"* ]]; then
SBITS="$WORD ${SBITS:-""}"
fi
done
compopt -o nospace
COMPREPLY=( $(compgen -P "$prefix" -W "$SBITS" -S ',' -- $realcur) )
return 0
;;
'--pdeathsig')
local i signals
for i in $(kill -l); do
case $i in
SIG*)
signals+="$i "
;;
esac
done
COMPREPLY=( $(compgen -W "keep clear $signals" -- $cur) )
return 0
;;
'--selinux-label')
# FIXME: how to list selinux labels?
COMPREPLY=( $(compgen -W "label" -- $cur) )
return 0
;;
'--apparmor-profile')
# FIXME: how to list apparmor profiles?
COMPREPLY=( $(compgen -W "profile" -- $cur) )
return 0
;;
'-h'|'--help'|'-V'|'--version')
return 0
;;
esac
case $cur in
-*)
OPTS="--dump
--no-new-privs
--ambient-caps
--inh-caps
--bounding-set
--ruid
--euid
--rgid
--egid
--reuid
--regid
--clear-groupsclear
--keep-groupskeep
--groups
--securebits
--pdeathsig
--reset-env
--selinux-label
--apparmor-profile
--help
--version"
COMPREPLY=( $(compgen -W "${OPTS[*]}" -- $cur) )
return 0
;;
esac
compopt -o bashdefault
COMPREPLY=( $(compgen -c -- $cur) )
return 0
}
complete -F _setpriv_module setpriv
|
