From: Oliver Kiddle <opk@zsh.org>
To: Zsh workers <zsh-workers@zsh.org>
Subject: PATCH: handle newrole in SELinux completions
Date: Mon, 18 Mar 2024 21:24:52 +0100 [thread overview]
Message-ID: <33044-1710793492.809598@y5Qn.AVJY.DVQL> (raw)
This handles also newrole in the SELinux completion function.
There are also a couple of other minor fixes. Module package files can
be .cil instead of .pp files. There was one case where I must have
used grep -L instead of -l when identifying commands for which an option
applied because the case pattern was inverted. And for runcon, some detritus
remained from copy/pasting the help output.
Oliver
diff --git a/Completion/Linux/Command/_selinux b/Completion/Linux/Command/_selinux
index e7d4d3b2e..a7ba68952 100644
--- a/Completion/Linux/Command/_selinux
+++ b/Completion/Linux/Command/_selinux
@@ -1,4 +1,4 @@
-#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans
+#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon newrole restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans
# encompasses checkpolicy libselinux-utils policycoreutils
# policycoreutils-devel policycoreutils-python-utils setools-console
@@ -251,6 +251,21 @@ case $service in
)
;;
+ newrole)
+ local cmd cpp
+ cmd="$words[1]"
+ cpp='_comp_priv_prefix=( $cmd ${(kv)opt_args[(I)-([rtl]|-role|-type|-level)]} )'
+ args=(
+ '(-r --role)'{-r+,--role=}'[specify role]: :_selinux_roles'
+ '(-t --type)'{-t+,--type=}'[specify type]: :_selinux_types'
+ '(-l --level)'{-l+,--range=}'[specify level]:level'
+ '(-p --preserve-environment)'{-p,--preserve-environment}"[don't create new minimal environment]"
+ "${ign}(-)"{-V,--version}'[display version information]'
+ "(-)1: :{ $cpp; _command_names -e }" \
+ "*:: :{ $cpp; _normal }"
+ )
+ ;;
+
restorecon)
args=(
'*-e+[exclude a directory]:directory:_directories'
@@ -276,10 +291,10 @@ case $service in
runcon)
args=(
'(1 -c --compute)'{-c,--compute}'[compute process transition context before modifying]'
- '(1 -t --type=TYPE)'{-t+,--type=}'[specify type]: :_selinux_types'
- '(1 -u --user=USER)'{-u+,--user=}'[specify user identity]: :_selinux_users'
- '(1 -r --role=ROLE)'{-r+,--role=}'[specify role]: :_selinux_roles'
- '(1 -l --range=RANGE)'{-l+,--range=}'[specify level range]:range'
+ '(1 -t --type)'{-t+,--type=}'[specify type]: :_selinux_types'
+ '(1 -u --user)'{-u+,--user=}'[specify user identity]: :_selinux_users'
+ '(1 -r --role)'{-r+,--role=}'[specify role]: :_selinux_roles'
+ '(1 -l --range)'{-l+,--range=}'[specify level range]:range'
'(-)1:security context:_selinux_contexts'
'*:::args:_normal'
)
@@ -460,7 +475,7 @@ case $service in
'(-E --extract)'{-E,--extract}'[extract customizable commands, for use within a transaction]'
)
;|
- boolean|dontaudit|export|import)
+ fcontext|ibendport|ibpkey|interface|login|module|node|permissive|port|user)
args+=( '(-a --add)'{-a,--add}'[add a record]' )
;|
boolean|fcontext|ibendport|ibpkey|interface|login|node|permissive|port|user)
@@ -573,8 +588,8 @@ case $service in
\*{-B,--build}'[build and reload policy]'
\*'--refresh[like --build but reuse existing linked policy if module files unchanged]'
\*{-D,--disable_dontaudit}'[remove dontaudits from policy]'
- \*{-i+,--install=}'[install a new module]:module package:_files -g "*.pp(-.)"'
- \!{-b,--base,-u,--upgrade}':module package:_files -g "*.pp(-.)"'
+ \*{-i+,--install=}'[install a new module]:module package:_files -g "*.(pp|cil)(-.)"'
+ \!{-b,--base,-u,--upgrade}':module package:_files -g "*.(pp|cil)(-.)"'
\*{-r+,--remove=}'[remove existing module at desired priority]:module name:_selinux_modules'
\*{-l+,--list-modules=-}'[display list of installed modules]::kind:((
standard\:highest\ priority,\ enabled\ modules
reply other threads:[~2024-03-18 20:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33044-1710793492.809598@y5Qn.AVJY.DVQL \
--to=opk@zsh.org \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).