From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 635974d4 for ; Thu, 26 Sep 2019 22:21:07 +0000 (UTC) Received: (qmail 18051 invoked by alias); 26 Sep 2019 22:21:00 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 44781 Received: (qmail 23299 invoked by uid 1010); 26 Sep 2019 22:21:00 -0000 X-Qmail-Scanner-Diagnostics: from park01.gkg.net by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.101.2/25580. spamassassin: 3.4.2. Clear:RC:0(205.235.26.22):SA:0(-1.6/5.0):. Processed in 3.487866 secs); 26 Sep 2019 22:21:00 -0000 X-Envelope-From: SRS0=JSHJ=XV=yahoo.co.uk=okiddle@bounces.park01.gkg.net X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: pass (ns1.primenet.com.au: SPF record at bounces.park01.gkg.net designates 205.235.26.22 as permitted sender) X-Virus-Scanned: by amavisd-new at gkg.net Authentication-Results: amavisd4.gkg.net (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.co.uk X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s2048; t=1569536418; bh=KVAbSOmxbWlpz+VjTvrnZsRGTS4fym37uTVBMcAUUlw=; h=From:To:Subject:Date:From:Subject; b=fBN5vPi12FTQM7Vd9A4xdluLtIeOazIG0n1THtUdSjIbVuaGjDG/uHomAfzpUAxXosnwykAGUM5XHeGoFdIyT/ZSqGZxAcf86l7tUNpoWKWnFR3fDNoL9qNyoFfE/xgekOcwiCQAJOAnA4D8tztKx8I7aSzI7M7VSBIjVUBFj+51gCrpQIE2VrkJKfLKiqOhLVQJWOxf2RJCB5u06e/8ZndHQ2T+3Rt9gV9FWOkZThhK4HszMWlSx3DaMek5y75ImUI11RBfZpRairqgv6fLMoFTGh2d1AePXO1fJPl1mJZIzqfKGLW2jPztmRX8DS4+ar99Pr2+7UNIx0dq74BTUA== X-YMail-OSG: vJzl.NEVM1nY3QLvs7nlhGvPuPopfbPumiD9zWgHb9_z1j_FvajhW1wjjgp.2YT 4J5EunK.F7SbiUWvzQ3281CVJhPhLhJq70vkYEYgXvL2J8UchUY3QQhh3b0Ibnolvrz69SbLPhXa _q3pNI9jNxNMg.CwS.fPBvQh52KGuNBuf4JhlO0pMp2cz3Q5aKPnT0KcQQBipwzSOf.u_51tWaMt CzNqSvZ9sosY_DtXua.QjCGA7LWrVyXPGJ72vTp_JQc90Rd308.DV08uoEpYU5.BFSoUOh5g5vwg byqDDAYJLAQ.BfIjtxej94y8DqNjBfXwW6QS8n_lDIZuWYGDKRn_R8EWz1PF44HHnQAzOyQeE4MQ HoofgEYPTrn5xBmwBSMf2feBUUOBUFetOxkyHCMS8CzS84.yES5aXHxhN.EFdTMwzj3PtF520Rkv yGbSLFBidnkxiwzuiS6.gHPCtX9tf_GNrv8hXgTp4hPcRqS.BU2Y2bNLDHoHPM.oj7xcunrjyxPK dWCiGuPpio4qsoFjYF_Rziu7ejh8HPq1kszpL0zR0OppMqVLbgp9Ne_KTcaclli0PYpW_u2lL.9h GIKhw9aQm0KpXfJ0wYtSC6psS_tXpCKpUF7PkIgeSYL_Wwl.PCacm10v8Y38cJOT9ZVwq1YA.ad6 GIfP7EFCfbqZCYYoegSm6lAD2ZnymKEkWKcrDql2OXBpCwparVbSlF3KifwE7GkSgujLKNyrsWp1 .N8BTG3QiIKqPfpyReDSPl55cIrISmemXCKs3yqiWz5B_Cxz7C19k7_yxIRBzdiG3tBVkF6x3Mq9 OpwtAOpO7HAw3YukBGusCOzCx_1jaoGGQoEEv.58rSq91msoliYgqu2.9zIBRnlpllEQJBVnTb5e Uby_vYhm4z229HvrMxDMVWVU.JK.eqGofuff_jv1nr_A6e2p520emKVofzwxDHbIvU9ZuvHltifc 7wrKF0IeC43_OYJl574RwBJVUrYCIILZPXjEMZxvxDE6OUC91WvLUZTAQfdV1Pw3jD1MBpRE7308 rQBWED12kdPQEerzmdHZuNPQ1MbPZyqrNMT802rI4ak.6l1Hezit5wauMPcg30wSFBra8e_cqhhj w7Nh_nbKucuFlF1pzELEosjEgjptrOAHlA5x.nldHhcimesdM6leXfDjKQ9yYegChu7qJeUGNcqu _g9xcWwwd0exdlHeTCYRBVc2T.taZs0yVnIOXz8p3Qm8vBLJwTvpC8.IG7mxctTfj34UM9IUwzkQ rIBi503z2CMg6NafNWkA- From: Oliver Kiddle To: Zsh workers Subject: PATCH: completion of SELinux contexts MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <78350.1569535815.1@hydra> Date: Fri, 27 Sep 2019 00:10:15 +0200 Message-ID: <78351-1569535815.914285@9und.9YLS.ptXQ> There are quite a number of commands that have an option that takes an SELinux context as it's argument. Typically we've not handled this in completion functions. However it isn't too hard to do a reasonable job of completing them (apart from the level component which I don't really understand). The following adds helper functions for contexts, users, roles and types and a completion function for chcon (which comes from util-linux). And modifies completions for cp, find, install, mkdir, mknod and sudo to use the new helpers. Oliver diff --git a/Completion/Linux/Command/_chcon b/Completion/Linux/Command/_chcon new file mode 100644 index 000000000..2d523f287 --- /dev/null +++ b/Completion/Linux/Command/_chcon @@ -0,0 +1,24 @@ +#compdef chcon + +local ign + +(( $#words > 2 )) && ign='!' +_arguments -C -s -S \ + '(-h --no-dereference)--dereference[dereference symlinks]' \ + '(-h --no-dereference --dereference)'{-h,--no-dereference}'[operate on symlinks themselves]' \ + '(1 -u --user -r --role -l --range -t --type)--reference=[copy security context of specified file]:file:_files' \ + '(1 --reference -u --user)'{-u+,--user=}'[set user in the target security context]: :_selinux_users' \ + '(1 --reference -r --role)'{-r+,--role=}'[set role in the target security context]: :_selinux_roles' \ + '(1 --reference -t --type)'{-t+,--type=}'[set type in the target security context]: :_selinux_types' \ + '(1 --reference -l --range)'{-l+,--range=}'[set range in the target security context]:selinux range' \ + '(--recursive -R)'{--recursive,-R}'[recurse subdirectories]' \ + '(-v --verbose)'{-v,--verbose}'[output a diagnostic for every file processed]' \ + '(-H -L -P)-H[follow symlinks on the command line]' \ + '(-H -L -P)-L[follow all symlinks]' \ + "(-H -L -P)-P[don't follow symlinks (default)]" \ + '!(--preserve-root)--no-preserve-root' \ + "--preserve-root[fail to operate recursively on '/']" \ + '(--reference -u --user -r --role -l --range -t --type)1:security context:_selinux_contexts' \ + "${ign}--help[display help information]" \ + "${ign}--version[display version information]" \ + '*:file:_files' diff --git a/Completion/Linux/Type/_selinux_contexts b/Completion/Linux/Type/_selinux_contexts new file mode 100644 index 000000000..4c2cf4288 --- /dev/null +++ b/Completion/Linux/Type/_selinux_contexts @@ -0,0 +1,14 @@ +#autoload + +local -a parts suf + +parts=( users roles types ) +while compset -P 1 '*:' && (( $+parts[1] )) ; do + shift parts +done +if (( $+parts[1] )); then + compset -S ':*' || suf=( -S : ) + _selinux_$parts[1] $suf +else + _message -e selinux-ranges 'selinux range' +fi diff --git a/Completion/Linux/Type/_selinux_roles b/Completion/Linux/Type/_selinux_roles new file mode 100644 index 000000000..92b4c36cb --- /dev/null +++ b/Completion/Linux/Type/_selinux_roles @@ -0,0 +1,7 @@ +#autoload + +local -a seroles expl + +seroles=( ${(f)"$(_call_program selinux-roles seinfo --flat -r)"} ) +_description selinux-roles expl "selinux role" +compadd "$@" "$expl[@]" -a seroles diff --git a/Completion/Linux/Type/_selinux_types b/Completion/Linux/Type/_selinux_types new file mode 100644 index 000000000..ef31f45d2 --- /dev/null +++ b/Completion/Linux/Type/_selinux_types @@ -0,0 +1,7 @@ +#autoload + +local -a setypes expl + +setypes=( ${(f)"$(_call_program selinux-types seinfo --flat -t)"} ) +_description selinux-types expl "selinux type" +compadd "$@" "$expl[@]" -a setypes diff --git a/Completion/Linux/Type/_selinux_users b/Completion/Linux/Type/_selinux_users new file mode 100644 index 000000000..f046c92cf --- /dev/null +++ b/Completion/Linux/Type/_selinux_users @@ -0,0 +1,8 @@ +#autoload + +local -a seusers expl + +seusers=( ${(f)"$(_call_program selinux-users seinfo --flat -u)"} ) +(( $#seusers )) || seusers=( guest_u root staff_u sysadm_u system_u unconfined_u user_u ) +_description selinux-users expl "selinux user" +compadd "$@" "$expl[@]" -a seusers diff --git a/Completion/Unix/Command/_cp b/Completion/Unix/Command/_cp index ae448213a..f7411055b 100644 --- a/Completion/Unix/Command/_cp +++ b/Completion/Unix/Command/_cp @@ -32,7 +32,7 @@ if _pick_variant gnu=GNU unix --version; then '(-v --verbose)'{-v,--verbose}'[explain what is being done]' \ '(-x --one-file-system)'{-x,--one-file-system}'[stay on this file system]' \ '(--context)-Z[set destination SELinux security context]' \ - '(-Z)--context=-[set destination SELinux security context]::context' \ + '(-Z)--context=-[set destination SELinux security context]:: :_selinux_contexts' \ '(- *)--help' '(- *)--version' \ '*:file or directory:_files' else diff --git a/Completion/Unix/Command/_find b/Completion/Unix/Command/_find index 3b9150b17..916fcf2e6 100644 --- a/Completion/Unix/Command/_find +++ b/Completion/Unix/Command/_find @@ -98,7 +98,7 @@ case $variant in args+=( '(- *)-help' '(-)--help' '(- *)-version' '(-)--version' - '-D[print diagnostics]:debug option:(help tree search stat rates opt exec)' + '-D[print diagnostics]:debug option:(exec opt rates search stat time tree all help)' '-O+[enable query optimisation]:level:(1 2 3)' '*-daystart' '-regextype:regexp syntax:(help findutils-default awk egrep ed emacs gnu-awk grep posix-awk posix-basic posix-egrep posix-extended posix-minimal-basic sed)' @@ -116,7 +116,7 @@ case $variant in '*-fprintf:output file:_files:output format' '*-printf:output format' ) - [[ $OSTYPE = linux-gnu ]] && args+=( '*-context:SELinux context' ) + [[ $OSTYPE = linux-gnu ]] && args+=( '*-context:SELinux context (glob pattern):_selinux_contexts' ) ;; esac diff --git a/Completion/Unix/Command/_install b/Completion/Unix/Command/_install index 60b0f6153..5ad84645e 100644 --- a/Completion/Unix/Command/_install +++ b/Completion/Unix/Command/_install @@ -25,7 +25,7 @@ if _pick_variant gnu='Free Soft' unix --version; then args+=( $common_args '(-b --backup)--backup=[create backup; optionally specify method]:: :->controls' - "${lx}--context=[like -Z, or specify SELinux security context to set]::SELinux security context" + "${lx}--context=-[like -Z, or specify SELinux security context to set]::SELinux security context:_selinux_contexts" '-D[create all leading destination path components]' '(: -)--help[display help information]' "${lx}--preserve-context[preserve SELinux security context]" diff --git a/Completion/Unix/Command/_mkdir b/Completion/Unix/Command/_mkdir index 0ae6be14b..4cd6bda32 100644 --- a/Completion/Unix/Command/_mkdir +++ b/Completion/Unix/Command/_mkdir @@ -22,7 +22,8 @@ case $variant in aopts=() if [[ $OSTYPE == linux* ]]; then args+=( - '(-Z --context)'{-Z,--context=}'[set SELinux context]:SELinux context' + '(--context)-Z[set SELinux context]' + '(-Z)--context=-[set SELinux context]::SELinux context:_selinux_contexts' ) fi args+=( diff --git a/Completion/Unix/Command/_mkfifo b/Completion/Unix/Command/_mkfifo index 4f1d8c87e..a055e4a1c 100644 --- a/Completion/Unix/Command/_mkfifo +++ b/Completion/Unix/Command/_mkfifo @@ -10,7 +10,7 @@ if _pick_variant gnu='Free Soft' unix --version; then ) [[ $OSTYPE == linux* ]] && args+=( '(--context)-Z[set SELinux security context to default]' - '(-Z)--context=-[like -Z, or specify SELinux security context]:SELinux security context' + '(-Z)--context=-[like -Z, or specify SELinux security context]::SELinux security context:_selinux_contexts' ) else aopts=( -A '-*' ) diff --git a/Completion/Unix/Command/_mknod b/Completion/Unix/Command/_mknod index 902f49b9f..8f07328db 100644 --- a/Completion/Unix/Command/_mknod +++ b/Completion/Unix/Command/_mknod @@ -22,7 +22,7 @@ if _pick_variant gnu='Free Soft' $OSTYPE --version; then ) [[ $OSTYPE == linux* ]] && args+=( '(--context)-Z[set SELinux security context to default]' - '(-Z)--context=-[like -Z, or specify SELinux security context]:SELinux security context' + '(-Z)--context=-[like -Z, or specify SELinux security context]::SELinux security context:_selinux_contexts' ) else aopts=( -A '-*' ) diff --git a/Completion/Unix/Command/_sudo b/Completion/Unix/Command/_sudo index 10fa2e82e..41e32cbae 100644 --- a/Completion/Unix/Command/_sudo +++ b/Completion/Unix/Command/_sudo @@ -23,9 +23,9 @@ args=( \*{-l,--list}"[list user's privileges or check a specific command]" '(-n --non-interactive)'{-n,--non-interactive}'[non-interactive mode, no prompts are used]' '(-p --prompt)'{-p+,--prompt=}'[use the specified password prompt]:prompt' - '(-r --role)'{-r+,--role=}'[create SELinux security context with specified role]:role' + '(-r --role)'{-r+,--role=}'[create SELinux security context with specified role]: :_selinux_roles' '(-S --stdin)'{-S,--stdin}'[read password from standard input]' - '(-t --type)'{-t+,--type=}'[create SELinux security context with specified type]:type' + '(-t --type)'{-t+,--type=}'[create SELinux security context with specified type]: :_selinux_types' '(-T --command-timeout)'{-T+,--command-timeout=}'[terminate command after specified time limit]:timeout' '(-U --other-user)'{-U+,--other-user=}'[in list mode, display privileges for user]:user:_users' '(-u --user)'{-u+,--user=}'[run command (or edit file) as specified user]:user:_users'