48210: Introduce new completion for setpriv(1) on Linux

2 files changed, 110 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 2bbf0afd5..a0eb693f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2021-03-28  Oliver Kiddle  <opk@zsh.org>
 
+	* Arseny Maslennikov: 48210, 48211:
+	Completion/Linux/Command/_setpriv: new completion for setpriv(1)
+
 	* Arseny Maslennikov: 48212: Completion/Linux/Type/_capabilities:
 	Introduce new completion for Linux task capabilities
 
diff --git a/Completion/Linux/Command/_setpriv b/Completion/Linux/Command/_setpriv
new file mode 100644
index 000000000..196f2f627
--- /dev/null
+++ b/Completion/Linux/Command/_setpriv
@@ -0,0 +1,107 @@
+#compdef setpriv
+
+__setpriv_prctl_securebits_set_elements() {
+  local -a expl
+  local -a bits
+
+  bits=(
+    noroot noroot_locked
+    no_setuid_fixup no_setuid_fixup_locked
+    keep_caps_locked
+  )
+
+  if ! compset -P '[+-]'; then
+    _description minus-or-plus expl "-/+"
+    compadd "${(@)expl}" -qS '' {+,-}
+    return
+  fi
+
+  _description minus-plus-securebits expl "prctl securebit"
+  compadd "${(@)expl}" "$@" -a - bits
+}
+
+__setpriv_numbered_caps() {
+  # The cap_ prefix.
+  # We override the suffix from _sequence with -S '' to stay adjacent
+  # to the following number.
+  if ! compset -P cap_; then
+    compadd -S '' "$@" -n - cap_
+    return
+  fi
+  # A capability number; i.e. a non-negative integer.
+  # We can't complete integers, so no matches.
+  if ! compset -P '[0-9]##'; then
+    local -a expl
+    _description -x numbers expl "capability number"
+    compadd -S '' "${(@)expl}" -n -
+    return
+  fi
+  # The numbered cap expression is complete.
+  compadd "$@" -n - ''
+}
+
+__setpriv_cap_set_elements() {
+  # '-' or '+', followed by one of the following:
+  # - a capability name
+  # - the word 'all'
+  # - 'cap_[0-9]+' (to specify unknown capabilities).
+  if ! compset -P '[+-]'; then
+    local -a expl
+    _description minus-or-plus expl "-/+"
+    compadd "${(@)expl}" -qS '' + -
+    return
+  fi
+
+  # We pass through compadd options generated by _sequence.
+  local -a sequence_argv=( "$@" )
+
+  _alternative -O sequence_argv \
+    'special-words:drop/obtain all caps:(all)' \
+    'capabilities: :_capabilities' \
+    'numbered-capabilities:cap_N:__setpriv_numbered_caps' \
+    #
+}
+
+__setpriv_death_signals() {
+  _alternative \
+    'special-words:keep or clear:(keep clear)' \
+    'signals:UNIX signal:_signals' \
+    #
+}
+
+local curcontext="$curcontext" state state_descr line
+typeset -A opt_args
+
+_arguments -C -S -s \
+  '(- : *)'{-h,--help}'[print help and exit]' \
+  '(- : *)'{-V,--version}'[print version information and exit]' \
+  '(- : *)'{-d,--dump}'[display the current privilege state]:*: :->option-dump' \
+  '(--groups --init-groups --keep-groups)--clear-groups[clear supplementary groups]' \
+  '(--clear-groups --init-groups --keep-groups)--groups[set supplementary groups]: : _sequence _groups' \
+  '(--clear-groups --groups --init-groups)--keep-groups[preserve supplementary groups]' \
+  '(--clear-groups --groups --keep-groups)--init-groups[initialize supplementary groups]' \
+  '--inh-caps[set inheritable caps]: : _sequence __setpriv_cap_set_elements' \
+  '--ambient-caps[set ambient caps]: : _sequence __setpriv_cap_set_elements' \
+  '--bounding-set[set the cap bounding set]: : _sequence __setpriv_cap_set_elements' \
+  '(- : *)--list-caps[list all known capabilities]' \
+  '--no-new-privs[set NO_NEW_PRIVS]' \
+  '--rgid[set real UNIX group id]:UNIX group:_groups' \
+  '--egid[set effective UNIX group id]:UNIX group:_groups' \
+  '--regid[set real and effective UNIX group id]:UNIX group:_groups' \
+  '--ruid[set real UNIX user id]:UNIX user:_users' \
+  '--euid[set effective UNIX user id]:UNIX user:_users' \
+  '--reuid[set real and effective UNIX user id]:UNIX user:_users' \
+  '--securebits[set "process securebits"]: : _sequence __setpriv_prctl_securebits_set_elements' \
+  '--pdeathsig[keep, clear, or set parent death signal]: : __setpriv_death_signals' \
+  '--selinux-label[request a selinux label]:SELinux labels: ' \
+  '--apparmor-profile[request an apparmor profile]:AppArmor profiles: ' \
+  '--reset-env[set environment as for a classic login shell]' \
+  '*:::command:_normal' \
+  && return 0
+
+case $state in
+  option-dump)
+    _arguments -S '*'{-d,--dump}'[display the current privilege state]'
+  ;;
+  *) ;;
+esac