From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=DKIM_ADSP_ALL,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 2689 invoked from network); 21 Mar 2021 13:02:10 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 21 Mar 2021 13:02:10 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1616331730; b=x/PWTTF++rLvpWckUkZyjkoJVbyQkpYGHzD63Mw+lgZPdmEd7app8bq91/9gINnAxQG2j1mfSc QojaJSFUacp371d1IRLkYPUSH22s+wSUGo0Fz7VkNeeCHdHFrfK41dzyRaKZIK2R9O9UG9jnXb wrECOw0Jy2vCxGF/WOO1GLHpqxPIcYIvj3c4h9uMLXgaYgYHGNPAJzxIvziWRQV5dt2qXn3AUQ qWPTGhpLeSNkIFAWE8+RJ8KROOP9z2ar8xuymq7L52pnMDXfpmQV50juqr+0264UwZ1DF9+wCq 4nWKO8pO44jCW9Bf7tzRm3Y8dkVMlfrVAhKrDKg10Odycg==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mx.cs.msu.ru) smtp.remote-ip=188.44.42.42; dkim=pass header.d=cs.msu.ru header.s=dkim header.a=rsa-sha256; dmarc=pass header.from=cs.msu.ru; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1616331730; bh=ngdaICdTsTaxCqg68rf5GYqh43Wneeg9Lmx/SPRxDw0=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Subject:Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Cc:To:From:DKIM-Signature:DKIM-Signature; b=ZgSwCi3fiMU1uKfeaO/FF0nTZ1G7w/n52VamE9TtNlLxkwoe5HPViqGcvSpKmjYhDm7EKIyY73 GafgiMe9SQCTQId7jjVvXyR04FH1m0sbglBg0ov3nbr5aFkOYfLd+eimqDm2B5dq7ihzLQZmor sSXJmsLmzPGeu1OcCmdVfq/0jOgdYqLoCqtjs1TQANG8QkJ/Z0SQVXXkyPwGWA9wkseiWwek4B rFTr7xL8zPCZE8AEca5UL746plSwlsoHkkNFG4iQSfHFSXVPJnQ/YOr7oZHVBS1h9dzI5NCAG4 3IgqcEkfVcWwmNrDEV9UY6naKqZAkO0vEG+lXzUhwJREtQ==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Subject:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Cc:To:From:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=nyk+ciOVek4hbwWHl8gp+5VUPeVTesBbn58HYmAF7I0=; b=fvnQLhmkchCFlhPlwqh7B+n7A0 XWjTouKXPbBYnLneG7SyMs/Vj43M9en05nUQONsh1kOkyOaEGXFI9ODDoRmGuwbkEPx2P93ztjCuY Tm2PylY/vp28Ra/+rbwxuTE1B4kpPm2rI2bD55snziSorF1R0TRWSuoz0fjAaTw23/9dA0XWAskHI VoxYcMdhUw1y+O2CZ83jer9OvqP2E/5QANTbYNaG2bgbIZumVIlaOD2f3b5ha2Mps0qgFiEIBNmUV Pepus7zs19ZmRl5Pmi20ELr9WqsjJXv9Nj4Be63EN4wiyuuI/NSPEVupoaAmixOR2Z0lIhh0QvWko fUXqByQg==; Received: from authenticated user by zero.zsh.org with local id 1lNxia-000373-TH; Sun, 21 Mar 2021 13:02:08 +0000 Authentication-Results: zsh.org; iprev=pass (mx.cs.msu.ru) smtp.remote-ip=188.44.42.42; dkim=pass header.d=cs.msu.ru header.s=dkim header.a=rsa-sha256; dmarc=pass header.from=cs.msu.ru; arc=none Received: from mx.cs.msu.ru ([188.44.42.42]:53615 helo=mail.cs.msu.ru) by zero.zsh.org with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1lNxiM-0002xi-7p; Sun, 21 Mar 2021 13:01:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cs.msu.ru; s=dkim; h=Subject:Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=nyk+ciOVek4hbwWHl8gp+5VUPeVTesBbn58HYmAF7I0=; b=IX6w/phhdxT8qplQ/d18IZSawd WvfK2fMAuIJY/WPHj99gNnYtLb7ewYTqKJmb+DGsyaP3iEcRA8shjbgVtKbiRxhByH0fwsVfZAOMs AXbKFuSkxtgrI7zz37jLm7x9vrFihtrBB1TMY3FXrs0zRmQBn73Wz5qlB2ElRAOa+67LXKaQ+E6BL ctD3ZYsCIuoHp9qRCqS88EjzPkPpSfs26S0xu9/nu+L69ROJIsklD8CB6qqeMDx6sQ27588HgXXQj DuhxxCr2iTJSwpl5fpJayysbGn1BwcMTPwKw53ZyghA+IEjs963Gk0AZxDqW8QHp3JxiJADVc11fr 8OrHG8Zw==; Received: from [37.204.119.143] (port=38992 helo=localhost.localdomain) by mail.cs.msu.ru with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94 (FreeBSD)) (envelope-from ) id 1lNxiL-00085B-AK; Sun, 21 Mar 2021 16:01:53 +0300 From: Arseny Maslennikov To: zsh-workers@zsh.org Cc: Arseny Maslennikov Date: Sun, 21 Mar 2021 16:01:30 +0300 Message-Id: <20210321130131.1667276-2-ar@cs.msu.ru> X-Mailer: git-send-email 2.31.0 In-Reply-To: <20210321130131.1667276-1-ar@cs.msu.ru> References: <20210321130131.1667276-1-ar@cs.msu.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 37.204.119.143 X-SA-Exim-Mail-From: ar@cs.msu.ru Subject: [PATCH v2 2/3] Introduce new completion for setpriv(1) on Linux X-SA-Exim-Version: 4.2.1 X-SA-Exim-Scanned: Yes (on mail.cs.msu.ru) X-Seq: 48210 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: Archived-At: This is a utility from util-linux which sets or queries various Linux process privilege settings that are inherited across execve(2). More info is available in the corresponding manual page[1]. [1] https://man7.org/linux/man-pages/man1/setpriv.1.html --- Changes since v1: * Code style and grammar adjustments to comply with Etc/completion-style-guide. * The code now uses compset -P to handle -/+ when completing caps and prctl securebits. * The argument to --groups is completed correctly. * In addition to named capabilities, the pattern cap_[0-9]+ is completed. Completion/Linux/Command/_setpriv | 100 ++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 Completion/Linux/Command/_setpriv diff --git a/Completion/Linux/Command/_setpriv b/Completion/Linux/Command/_setpriv new file mode 100644 index 000000000..f42e02cc8 --- /dev/null +++ b/Completion/Linux/Command/_setpriv @@ -0,0 +1,100 @@ +#compdef setpriv + +__setpriv_prctl_securebits_set_elements() { + local -a expl + local -a bits + + bits=( + noroot noroot_locked + no_setuid_fixup no_setuid_fixup_locked + keep_caps_locked + ) + + if ! compset -P '[+-]'; then + _description minus-or-plus expl "-/+" + compadd "${(@)expl}" -qS '' {+,-} + return + fi + + _description minus-plus-securebits expl "prctl securebit" + compadd "${(@)expl}" "$@" -a - bits +} + +__setpriv_numbered_caps() { + # The cap_ prefix. + # We override the suffix from _sequence with -S '' to stay adjacent + # to the following number. + if ! compset -P cap_; then + compadd -S '' "$@" -n - cap_ + return + fi + # A capability number; i.e. a non-negative integer. + # We can't complete integers, so no matches. + if ! compset -P '[0-9]##'; then + local -a expl + _description -x numbers expl "capability number" + compadd -S '' "${(@)expl}" -n - + return + fi + # The numbered cap expression is complete. + compadd "$@" -n - '' +} + +__setpriv_cap_set_elements() { + # '-' or '+', followed by one of the following: + # - a capability name + # - the word 'all' + # - 'cap_[0-9]+' (to specify unknown capabilities). + if ! compset -P '[+-]'; then + local -a expl + _description minus-or-plus expl "-/+" + compadd "${(@)expl}" -qS '' {+,-} + return + fi + + # We pass through compadd options generated by _sequence. + local -a sequence_argv=( "$@" ) + + _alternative -O sequence_argv \ + 'special-words:drop/obtain all caps:(all)' \ + 'capabilities: :_capabilities' \ + 'numbered-capabilities:cap_N:__setpriv_numbered_caps' \ + # +} + +__setpriv_death_signals() { + _alternative \ + 'special-words:keep or clear:(keep clear)' \ + 'signals:UNIX signal:_signals' \ + # +} + +local curcontext="$curcontext" state state_descr line +typeset -A opt_args + +_arguments -C -S \ + '(- : *)'{-h,--help}'[print help and exit]' \ + '(- : *)'{-V,--version}'[print version information and exit]' \ + '(- : *)*'{-d,--dump}'[display the current privilege state]' \ + '(--groups --init-groups --keep-groups)--clear-groups[clear supplementary groups]' \ + '(--clear-groups --init-groups --keep-groups)--groups[set supplementary groups]: : _sequence _groups' \ + '(--clear-groups --groups --init-groups)--keep-groups[preserve supplementary groups]' \ + '(--clear-groups --groups --keep-groups)--init-groups[initialize supplementary groups]' \ + '--inh-caps[set inheritable caps]: : _sequence __setpriv_cap_set_elements' \ + '--ambient-caps[set ambient caps]: : _sequence __setpriv_cap_set_elements' \ + '--bounding-set[set the cap bounding set]: : _sequence __setpriv_cap_set_elements' \ + '(- : *)--list-caps[list all known capabilities]' \ + '--no-new-privs[set NO_NEW_PRIVS]' \ + '--rgid[set real UNIX group id]:UNIX group:_groups' \ + '--egid[set effective UNIX group id]:UNIX group:_groups' \ + '--regid[set real and effective UNIX group id]:UNIX group:_groups' \ + '--ruid[set real UNIX user id]:UNIX user:_users' \ + '--euid[set effective UNIX user id]:UNIX user:_users' \ + '--reuid[set real and effective UNIX user id]:UNIX user:_users' \ + '--securebits[set "process securebits"]: : _sequence __setpriv_prctl_securebits_set_elements' \ + '--pdeathsig[keep, clear, or set parent death signal]: : __setpriv_death_signals' \ + '--selinux-label[request a selinux label]:SELinux labels: ' \ + '--apparmor-profile[request an apparmor profile]:AppArmor profiles: ' \ + '--reset-env[set environment as for a classic login shell]' \ + '*:::command:_normal' \ + # -- 2.31.0