#compdef setpriv
__setpriv_prctl_securebits_set_element() {
  # Complete one element of a --securebits list: a securebit name carrying
  # a leading "-" or "+".
  # NOTE(review): only the _locked form of keep_caps is offered; presumably
  # setpriv rejects plain keep_caps -- confirm against setpriv(1).
  local -a expl candidates
  local -a securebit_names=(
    noroot noroot_locked
    no_setuid_fixup no_setuid_fixup_locked
    keep_caps_locked
  )

  # The ^ flag distributes the {-,+} prefixes over every array element.
  candidates=( {-,+}"${(@)^securebit_names}" )

  _wanted minus-plus-securebits expl 'prctl securebits' \
    compadd "$@" -a - candidates
}
__setpriv_prctl_securebits_set() {
  # Complete the whole --securebits argument as a list; _sequence splits it
  # (on commas by default) and completes each element with the helper below.
  _sequence __setpriv_prctl_securebits_set_element
}
__setpriv_capability_expressions() {
  # Offer every known capability, without its "cap_" prefix, once with a
  # leading "-" and once with a leading "+".
  #
  # expl is intentionally not declared here: it is read from the calling
  # scope, where a _description call is expected to have filled it in.
  local -a caps signed_caps

  # Fills the array named by its argument with capability names.
  _capability_names caps

  # ${...#cap_} strips the prefix from each element; ^ then pairs each
  # stripped name with both the "-" and the "+" prefix.
  signed_caps=( {-,+}"${(@)^caps#cap_}" )

  compadd "$@" "${(@)expl}" -a - signed_caps
}
__setpriv_caps_all() {
  # Offer the two "all capabilities" shorthands: "-all" and "+all".
  #
  # expl is intentionally not declared here: it is read from the calling
  # scope, where a _description call is expected to have filled it in.
  local -a all_forms=( -all +all )

  compadd "$@" "${(@)expl}" -a - all_forms
}
__setpriv_cap_set_element() {
  # Complete one element of a capability-set list: either the "all"
  # shorthand or a single signed capability name.
  #
  # The arguments received from _sequence are kept in an array so that
  # _alternative -O can hand them on to the completers it dispatches to.
  local -a Oargv
  Oargv=( "$@" )

  _alternative -O Oargv \
    'special-actions:drop/obtain all caps:__setpriv_caps_all' \
    'minus-plus-caps:capabilities:__setpriv_capability_expressions'
}
__setpriv_cap_set() {
  # Complete a capability-set argument (used by --inh-caps, --ambient-caps
  # and --bounding-set) as a list; _sequence splits it (on commas by
  # default) and completes each element separately.
  _sequence __setpriv_cap_set_element
}
__setpriv_death_signals() {
  # Complete the --pdeathsig argument: one of the keywords "keep" / "clear",
  # or a signal as offered by _signals.
  _alternative \
    'special-actions:keep or clear:(keep clear)' \
    'signals:UNIX signals:_signals'
}
# Main completion body for setpriv: declare the variables _arguments may
# set, build the option specifications, and hand them to _arguments.
local context state state_descr line
typeset -A opt_args

local -a args
args=(
  # Informational options. The "(- : *)" exclusion list stops completion
  # from offering any other option or argument alongside them.
  '(- : *)--help[print help and exit]'
  '(- : *)'{-V,--version}'[print version information and exit]'
  # The extra "*" lets -d/--dump be given more than once.
  '(- : *)*'{-d,--dump}'[display the current privilege state]'

  # Supplementary groups.
  # NOTE(review): --groups is completed as a single group via _groups;
  # check setpriv(1) to see whether a list should be completed instead.
  '--clear-groups[clear supplementary groups]'
  '--groups[set supplementary groups]:groups:_groups'

  # Capability sets; each value is a list of "+cap" / "-cap" items.
  '--inh-caps[set inheritable caps]:capability set: __setpriv_cap_set'
  '--ambient-caps[set ambient caps]:capability set: __setpriv_cap_set'
  '--bounding-set[set the cap bounding set]:capability set: __setpriv_cap_set'
  '(- : *)--list-caps[list all known capabilities]'

  '--keep-groups[preserve supplementary groups]'
  '--init-groups[initialize supplementary groups]'
  '--no-new-privs[set NO_NEW_PRIVS]'

  # Real / effective group and user IDs.
  '--rgid[set real UNIX group id]:UNIX group:_groups'
  '--egid[set effective UNIX group id]:UNIX group:_groups'
  '--regid[set real and effective UNIX group id]:UNIX group:_groups'
  '--ruid[set real UNIX user id]:UNIX user:_users'
  '--euid[set effective UNIX user id]:UNIX user:_users'
  '--reuid[set real and effective UNIX user id]:UNIX user:_users'

  '--securebits[set "process securebits"]:prctl securebits:__setpriv_prctl_securebits_set'
  '--pdeathsig[keep, clear, or set parent death signal]:signals: __setpriv_death_signals'

  # LSM labels: the action is a lone space, so only the description is
  # shown and no candidate labels or profiles are generated.
  '--selinux-label[request a selinux label]:SELinux labels: '
  '--apparmor-profile[request an apparmor profile]:AppArmor profiles: '

  '--reset-env[set environment as for a classic login shell]'

  # Everything after the options is the command setpriv will run; it is
  # completed as an ordinary command line.
  '*:::command:_normal'
)

_arguments -S "${(@)args}"