From 8f0a8131fad30c627d72f24a6a88ac0053cd3790 Mon Sep 17 00:00:00 2001 From: Oliver Kiddle Date: Fri, 17 Nov 2023 18:25:21 +0100 Subject: 52307: new completion for many SELinux tools --- Completion/Linux/Command/_selinux | 781 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 781 insertions(+) create mode 100644 Completion/Linux/Command/_selinux (limited to 'Completion/Linux/Command/_selinux') diff --git a/Completion/Linux/Command/_selinux b/Completion/Linux/Command/_selinux new file mode 100644 index 000000000..e7d4d3b2e --- /dev/null +++ b/Completion/Linux/Command/_selinux @@ -0,0 +1,781 @@ +#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans + +# encompasses checkpolicy libselinux-utils policycoreutils +# policycoreutils-devel policycoreutils-python-utils setools-console +# setools-console-analyses setroubleshoot-server and a few utilities from +# coreutils + +_selinux_attributes() { + local -a seattrs expl + + seattrs=( ${(f)"$(_call_program selinux-attributes seinfo --flat -a)"} ) + _description selinux-attrs expl "selinux attribute" + compadd "$@" "$expl[@]" -a seattrs +} + +_selinux_bools() { + local -a sebools expl + + sebools=( ${(f)"$(_call_program selinux-bools seinfo --flat -b)"} ) + _description selinux-bools expl "selinux boolean" + compadd "$@" "$expl[@]" -a sebools +} + +_selinux_categories() { + local -a secats expl + + secats=( ${(f)"$(_call_program selinux-categories seinfo --flat --category)"} ) + _description selinux-categories expl "selinux category" + compadd "$@" "$expl[@]" -a secats +} + +_selinux_classes() { + local -a seclasses expl + + seclasses=( ${(f)"$(_call_program selinux-classes seinfo --flat -c)"} ) + _description selinux-classes expl "selinux object class" + compadd "$@" "$expl[@]" -a seclasses +} + +_selinux_commons() { + local -a secommons expl + + secommons=( ${(f)"$(_call_program selinux-commons seinfo --flat --common)"} ) + _description selinux-commons expl "selinux common permission set" + compadd "$@" "$expl[@]" -a secommons +} + +_selinux_interfaces() { + local -a seints expl + + seints=( ${(f)"$(_call_program selinux-interfaces sepolicy interface -l)"} ) + _description selinux-interfaces expl "selinux interface" + compadd "$@" "$expl[@]" -a seints +} + +_selinux_permissions() { + local -a seperms expl + + seperms=( ${${${${(f)"$(_call_program selinux-permissions seinfo -c --flat -x)"}:#[^[:blank:]]*}#[[:blank:]]}:1} ) + _description selinux-permissions expl "selinux permission" + compadd "$@" "$expl[@]" -a seperms +} + +_selinux_sids() { + local -a sesids expl + + sesids=( ${(f)"$(_call_program selinux-sids seinfo --flat --initialsid)"} ) + _description selinux-sids expl "selinux SID" + compadd "$@" "$expl[@]" -a sesids +} + +_selinux_sens() { + local -a sens expl + + sesids=( ${(f)"$(_call_program selinux-sens seinfo --flat --initialsid)"} ) + _description selinux-sensitivities expl "selinux sensitivity" + compadd "$@" "$expl[@]" -a sesids +} + +_selinux_modules() { + local -a modules expl + + modules=( ${(f)"$(_call_program selinux-modules semodule -l)"} ) + _description selinux-modules expl "selinux module" + compadd "$@" "$expl[@]" -a modules +} + +local curcontext="$curcontext" ret=1 +local -A opt_args +local -a args sepolgen state state_descr line +local ign +(( $#words > 2 )) && ign='!' + +sepolgen=( + "${ign}(-h --help)"{-h,--help}'[display help information]' + '(--application --cgi --dbus --inetd --init --admin_user --confined_admin --desktop_user --newtype --sandbox --x_user)'*{-d+,--domain=}'[specify domain to expand]:domain:_selinux_types -a domain' + \*{-r+,--role=}'[specify role(s) to which the administrator domain will transition]: :_selinux_roles' + \*{-u+,--user=}'[specify SELinux user(s) which will transition to this domain]: :_selinux_users' + \*{-a+,--admin=}'[specify domain(s) which this confined admin will administrate]:admin domain:_selinux_types' + '(-n --name)'{-n+,--name=}'[specify name of policy to generate]:name' + '(--admin_user --confined_admin --desktop_user --newtype --sandbox --x_user)*'{-t+,--type=}'[specify type(s) for which you will generate new definition and rule(s)]:type:_selinux_types' + '(-p --path)'{-p+,--path=}'[specify path in which the generated policy files will be stored]:path:_directories' + '(--newtype)*'{-w+,--writepath=}'[specify path to which the confined processes will need to write]:path:_directories' + '1:command:_files' + + '(application)' + "(-d)--application[generate 'User Application' policy]" + "(-d)--cgi[generate 'Web Application/Script (CGI)' policy]" + "(-d)--dbus[generate 'DBUS System Daemon' policy]" + "(-d)--inetd[generate 'Internet Services Daemon' policy]" + "(-d)--init[generate 'Standard Init Daemon' policy]" + "(-d -t 1)--admin_user[generate 'Administrator Login User Role' policy]" + "(-d -t 1)--confined_admin[generate 'Confined Root Administrator Role' policy]" + "(1)--customize[generate 'Existing Domain Type' policy]" + "(-d -t 1)--desktop_user[generate 'Desktop Login User Role' policy]" + "(-d -w 1)--newtype[generate 'Module information for a new type' policy]" + "(-d -t 1)--sandbox[generate 'Sandbox' policy]" + "(-d -t 1)--term_user[generate 'Minimal Terminal Login User Role' policy]" + "(-d -t 1)--x_user[generate 'Minimal X Windows Login User Role' policy]" +) + +case $service in + check(module|policy)) + args=( + '(-b --binary)'{-b,--binary}'[read an existing binary policy file rather than a source policy.conf file]' + '(-C --cil)'{-C,--cil}'[write CIL policy file rather than binary policy file]' + '(-E --werror)'{-E,--werror}'[treat warnings as errors]' + "${ign}(-h --help)"{-h,--help}'[display help information]' + '(-U --handle-unknown)'{-U+,--handle-unknown=}'[specify how the kernel should handle unknown classes or permissions]:action:(deny allow reject)' + '(-M --mls)'{-M,--mls}'[enable the MLS policy when checking and compiling the policy]' + '(-o --output)'{-o+,--output=}'[write a policy file]:file:_files' + '-c+[specify the policy version]:policy version [latest]' + ':input file:_files' + ) + ;| + + audit2(allow|why)) + args=( + '(-b --boot -i --input)'{-b,--boot}'[audit messages since last boot]' + '(-a --all -i --input -d --dmesg)'{-a,--all}'[read input from audit log]' + '(-p --policy)'{-p+,--policy=}'[specify policy file to use for analysis]:file:_files' + '(-d --dmesg -a --all -i --input)'{-d,--dmesg}'[read input from dmesg]' + '(-i --input -a --all -b --boot)'{-i+,--input=}'[read input from file]:file:_files' + '(-l --lastreload)'{-l,--lastreload}'[read input only after the last reload]' + '(-r --requires)'{-r,--requires}'[generate require statements for rules]' + '(-m --module -M --module-package -r --requires)'{-m+,--module=}'[set the module name]:module name:_selinux_modules' + '(-M --module-package -o --output -m --module)'{-M+,--module-package=}'[generate a module package]:module package:_files' + '(-o --output -M --module-package)'{-o+,--output=}'[append output to file]:file:_files' + '(-D --dontaudit)'{-D,--dontaudit}'[generate policy with dontaudit rules]' + '(-R --reference)'{-R,--reference}'[use installed macros in generated policy]' + '!(-R --reference -N --noreference)'{-N,--noreference} + '(-v --verbose)'{-v,--verbose}'[explain generated output]' + '(-e --explain)'{-e,--explain}'[fully explain generated output]' + '(-t --type)'{-t+,--type=}'[only process messages with type matching regex]:type' + '--perm-map=[specify file name of perm map]:file:_files' + '--interface-info=[specify file name of interface information]:file:_files' + '(-x --xperms)'{-x,--xperms}'[generate extended permission rules]' + '--debug[leave generated modules for -M]' + '(-w --why)'{-w,--why}'[translate SELinux audit messages into a description of why the access was denied]' + "${ign}(-h --help)"{-h,--help}'[display help information]' + "${ign}--version[display version information]" + ) + ;; + + avcstat) + args=( + '-c[cumulative]' + '-f+[specify AVC statistics file]:file [/sys/fs/selinux/avc/cache_stats]:_files' + ': :_guard "^-*" "interval (seconds)"' + ) + ;; + + chcon) + args=( -S + '(-h --no-dereference)--dereference[dereference symlinks]' \ + '(-h --no-dereference --dereference)'{-h,--no-dereference}'[operate on symlinks themselves]' \ + '(1 -u --user -r --role -l --range -t --type)--reference=[copy security context of specified file]:file:_files' \ + '(1 --reference -u --user)'{-u+,--user=}'[set user in the target security context]: :_selinux_users' \ + '(1 --reference -r --role)'{-r+,--role=}'[set role in the target security context]: :_selinux_roles' \ + '(1 --reference -t --type)'{-t+,--type=}'[set type in the target security context]: :_selinux_types' \ + '(1 --reference -l --range)'{-l+,--range=}'[set range in the target security context]:selinux range' \ + '(--recursive -R)'{--recursive,-R}'[recurse subdirectories]' \ + '(-v --verbose)'{-v,--verbose}'[output a diagnostic for every file processed]' \ + '(-H -L -P)-H[follow symlinks on the command line]' \ + '(-H -L -P)-L[follow all symlinks]' \ + "(-H -L -P)-P[don't follow symlinks (default)]" \ + '!(--preserve-root)--no-preserve-root' \ + "--preserve-root[fail to operate recursively on '/']" \ + '(--reference -u --user -r --role -l --range -t --type)1:security context:_selinux_contexts' \ + "${ign}--help[display help information]" \ + "${ign}--version[display version information]" \ + '*:file:_files' + ) + ;; + + checkmodule) + args=( + "${ign}(-)"{-V,--version}'[show policy versions created by this program]' + '-m[build a policy module instead of a base module]' + '-c+[build a policy module targeting a modular policy version]:version (4-21)' + ) + ;; + + checkpolicy) + args=( + '(-F --conf)'{-F,--conf}'[write policy.conf file rather than binary policy file]' + '(-d --debug)'{-d,--debug}'[enter debug mode after loading the policy]' + '(-S --sort)'{-S,--sort}'[sort ocontexts before writing out the binary policy]' + '(-t --target)'{-t+,--target=}'[specify the target platform]:platform:(selinux xen)' + '(-O --optimize)'{-O,--optimize}'[optimize the final kernel policy (remove redundant rules)]' + "${ign}(-)"{-V,--version}'[display version information]' + ) + ;; + + fixfiles) + args=( + '-B[record current date in /.autorelabel to speed later labeling]' + '-F[force reset of context to match file_context for customizable files]' + '-f[clear /tmp directory without prompt for removal]' + '-R+[discover files from specified rpm packages]:package' + '-C+[run a diff on the specified file]:file:_files' + '-N+[only act on files created after the specified date]:date (YYYY-MM-DD HH\:MM):_dates' + '-v[show changes in file labels]' + '-T+[specify number of threads to use]:threads' + '1::action:(check verify restore relabel onboot)' + '*:file:_files' + ) + ;; + + getpidprevcon) + _pids + return + ;; + + getsebool) + args=( + '(:)-a[show all booleans]' + '(-a):boolean:_selinux_bools' + ) + ;; + + matchpathcon) + args=( + '-m+[force file type for the lookup]:type:(file dir pipe chr_file blk_file lnk_file sock_file)' + "-n[don't display path]" + "-N[don't use translations]" + '-f+[use alternate file_context file]:file:_files' + '-p+[use prefix to speed translations]:prefix' + '-P+[use alternate policy root path]:path:_directories' + '-V[verify file context on disk matches defaults]' + '*:file path:_files' + ) + ;; + + restorecon) + args=( + '*-e+[exclude a directory]:directory:_directories' + '-f+[provide list of files to be processed]:file:_files' + '-F[force reset of context to match file_context for customizable files]' + "-i[ignore files that don't exist]" + '-I[ignore digest to force checking of labels even if SHA256 digest matches]' + '-D[set or update any directory SHA256 digests]' + '-m[include non-seclabel mounts in relabeling checks]' + "-n[don't change any file labels (passive check)]" + '(-v)-p[show progress]' + '(-R -r)'{-R,-r}'[change file labels recursively]' + '(-p)-v[show changes in file labels]' + '-W[display warnings about entries that had no matching files]' + '-0[expect NUL characters as input filename separators]' + "-x[don't cross file system boundaries]" + '-T+[specify number of threads to use]:threads' + "${ign}(-)"{-h,-\?}'[display help information]' + '*:file path:_files' + ) + ;; + + runcon) + args=( + '(1 -c --compute)'{-c,--compute}'[compute process transition context before modifying]' + '(1 -t --type=TYPE)'{-t+,--type=}'[specify type]: :_selinux_types' + '(1 -u --user=USER)'{-u+,--user=}'[specify user identity]: :_selinux_users' + '(1 -r --role=ROLE)'{-r+,--role=}'[specify role]: :_selinux_roles' + '(1 -l --range=RANGE)'{-l+,--range=}'[specify level range]:range' + '(-)1:security context:_selinux_contexts' + '*:::args:_normal' + ) + ;; + + sealert) + args=( + '(-b --browser)'{-b,--browser}'[launch the browser]' + '(-s --service -S --noservice)'{-s,--service}'[start sealert as a dbus service]' + '(-S --noservice -s --service)'{-S,--noservice}'[start sealert without dbus service as standalone app]' + '(-l --lookupid)'{-l+,--lookupid=}'[lookup alert by id, id may be wildcard * to lookup all alerts]:id' + '(-a --analyze)'{-a+,--analyze=}'[scan a log file, analyze its AVCs]:log file:_files' + '(-u --user)'{-u+,--user=}'[logon user name]:username' + '(-p --password)'{-p+,--password=}'[logon user password]:password' + '(-P --plugin)'{-P+,--plugin=}'[specify plugin name, required for -f]:plugin name' + '(-f --fix)'{-f+,--fix=}'[fix avc with the given uuid, requires plugin]:uuid' + "${ign}(-)"{-h,--help}'[display help information]' + ) + ;; + + secon) + args=( + "${ign}(-)"{-h,--help}'[display help information]' + "${ign}(-)--version[display version information]" + '(-P --prompt)'{-P,--prompt}'[output in a format good for a prompt]' + '(-u --user)'{-u,--user}'[show user of the context]' + '(-r --role)'{-r,--role}'[show role of the context]' + '(-t --type)'{-t,--type}'[show type of the context]' + '(-s --sensitivity)'{-s,--sensitivity}'[show sensitivity level of the context]' + '(-c --clearance)'{-c,--clearance}'[show clearance level of the context]' + '(-m --mls-range)'{-m,--mls-range}'[show sensitivity to clearance range of]' + '(-R --raw)'{-R,--raw}'[output context in "raw" format]' + '(-C --color)'{-C,--color}'[output using ANSI color codes (requires -P)]' + + '(context)' + {--self,--current}'[get context for the current process]' + {--self-exec,--current-exec}'[get exec context for the current process]' + {--self-fs,--current-fs}'[get fs context for the current process]' + {--self-key,--current-key}'[get key context for the current process]' + '--parent[get context for the parent process]' + '--parent-exec[get exec context for the parent process]' + '--parent-fs[get fs context for the parent process]' + '--parent-key[get key context for the parent process]' + {-p+,--pid=}'[context from the specified pid]:pid:_pids' + '--pid-exec[use exec context from the specified pid]:pid:_pids' + '--pid-fs[use fs context from the specified pid]:pid:_pids' + '--pid-key[use key context from the specified pid]:pid:_pids' + {-f+,--file=}'[use context from the specified file]:file:_files' + {-L+,--link=}"[use context from the specified file, doesn't follow symlinks]:file:_files" + ':context:_selinux_contexts' + ) + ;; + + sedta) + args=( + '(-p --policy)'{-p+,--policy=}'[specify path to SELinux policy to analyze]:policy:_files' + '(-s --source)'{-s+,--source=}'[specify source type of the analysis]:source:_selinux_types -a domain' + '(-t --target)'{-t+,--target=}'[specify target type of the analysis]:target:_selinux_types -a domain' + '--full[print rule lists for transitions]' + '--stats[display statistics at the end of the analysis]' + '(-v --verbose)'{-v,--verbose}'[extra informational messages]' + '--debug[enable debugging]' + '(-S --shortest_path)'{-S,--shortest_path}'[calculate all shortest paths]' + '(-A --all_paths)'{-A+,--all_paths=}'[calculate all paths]:max steps' + '(-r --reverse)'{-r,--reverse}'[perform a reverse DTA]' + '(-l --limit_trans)'{-l+,--limit_trans=}'[limit to the specified number of transitions]:limit' + '*:excluded domain:_selinux_types -a domain' + "${ign}(- *)"{-h,--help}'[display help information]' + "${ign}(-)--version[display version information]" + ) + ;; + + seinfo) + args=( + '(-a --attribute)'{-a,--attribute}'[list attributes or print named attribute]:: :_selinux_attributes' + '(-b --bool)'{-b,--bool}'[list booleans or print named boolean]:: :_selinux_bools' + '(-c --class)'{-c,--class}'[list object classes or print named object class]:: :_selinux_classes' + '(-r --role)'{-r,--role}'[list roles or print named role]:: :_selinux_roles' + '(-t --type)'{-t,--type}'[list types or print named type]:: :_selinux_types' + '(-u --user)'{-u,--user}'[list users or print named user]:: :_selinux_users' + '--category[list categories or print named category]:: :_selinux_categories' + '--common[list common permission sets or print named common]:: :_selinux_commons' + '--constrain[list constraints or print constraints for named object class]:: :_selinux_classes' + '--default[list default_* statements or print statements for named object class]:: :_selinux_classes' + '--fs_use[list fs_use_* statements or print statements for named filesystem type]:: :_file_systems' + '--genfscon[list genfscon statements or print statements for named filesystem type]:: :_file_systems' + '--initialsid[list initial SIDs or print named SID]:: : _selinux_sids' + '--netifcon[list netif contexts or print for named interface]:: : _net_interfaces' + '--nodecon[list node contexts or print statement for node with specified address]::address' + '--permissive[list permissive types or print named statement]::type' + '--polcap[list policy capabilities or print named statement]::type' + '--portcon[list port contexts or print statements for port range]::port range' + '--sensitivity[list sensitivities or print named sensitivity]:: :_selinux_sens' + '--typebounds[list type bounds or print named bound type]:: :_selinux_typebounds' + '--validatetrans[list validatetrans rules or print constraints for named object class]:: :_selinux_classes' + '--all[list all components]' + '(-x --expand)'{-x,--expand}'[print additional details]' + '--flat[exclude headers and indentation in output]' + '(-v --verbose)'{-v,--verbose}'[print additional informational messages]' + '--debug[enable debugging output]' + "${ign}--help[display help information]" + "${ign}--version[display version information]" + ':policy:_files' + ) + ;; + + selinuxconlist) + args=( + '-l+[specify mcs/mls level]:level' + ':user:_selinux_users' + ':context:_selinux_contexts' + ) + ;; + + selinuxdefcon) + args=( + '-l+[specify mcs/mls level]:level' + ':user:_users' + ':context:_selinux_contexts' + ) + ;; + + selinuxexeccon) + args=( + '1:command:_files -g "*(-*)"' + '2:from context:_selinux_contexts' + ) + ;; + + semanage) + _arguments -C \ + {-h,--help}'[display help information]' \ + ': :->command' \ + '*::: := ->option-or-argument' && ret=0 + + case $state in + command) + local -a subcmds + + subcmds=( + import:'import local customizations' + export:'output local customizations' + login:'manage login mappings between linux users and SELinux confined users' + user:'manage SELinux confined users (Roles and levels for an SELinux user)' + port:'manage network port type definitions' + interface:'manage network interface type definitions' + module:'manage SELinux policy modules' + node:'manage network node type definitions' + fcontext:'manage file context mapping definitions' + boolean:'manage booleans to selectively enable functionality' + permissive:'manage process type enforcement mode' + dontaudit:'disable/enable dontaudit rules in policy' + ibpkey:'manage infiniband pkey type definitions' + ibendport:'manage infiniband end port type definitions' + ) + + _describe -t commands command subcmds + return + ;; + option-or-argument) + (( $#words > 2 )) && ign='!' || ign='' + curcontext=${curcontext%:*}-$line[1]: + args=( + "${ign}(-)"{-h,--help}'[display help information]' + '(-S --store)'{-S+,--store=}'[select an alternate SELinux Policy Store to manage]:store:_files' + ) + + case $line[1] in + ^export) + args+=( '(-N --noreload)'{-N,--noreload}"[don't reload policy after commit]" ) + ;| + boolean|fcontext|ibendport|ibpkey|interface|login|module|node|port|user) + args+=( '(-C --locallist)'{-C,--locallist}'[list local customizations]' ) + ;| + boolean|fcontext|ibendport|ibpkey|interface|login|module|node|permissive|port|user) + args+=( + '(-n --noheading)'{-n,--noheading}"[don't print list heading]" + '(-l --list)'{-l,--list}'[list records]' + '(-E --extract)'{-E,--extract}'[extract customizable commands, for use within a transaction]' + ) + ;| + boolean|dontaudit|export|import) + args+=( '(-a --add)'{-a,--add}'[add a record]' ) + ;| + boolean|fcontext|ibendport|ibpkey|interface|login|node|permissive|port|user) + args+=( + '(-d --delete)'{-d,--delete}'[delete a record]' + '(-D --deleteall)'{-D,--deleteall}'[remove all local customizations]' + ) + ;| + boolean|fcontext|ibendport|ibpkey|interface|login|node|port|user) + args+=( '(-m --modify)'{-m,--modify}'[modify a record]' ) + ;| + fcontext|login) + args+=( '(-s --seuser)'{-s+,--seuser=}'[SELinux user name]:seuser:_selinux_users' ) + ;| + fcontext|ibendport|ibpkey|interface|node|port) + args+=( '(-t --type)'{-t+,--type=}'[SELinux Type for the object]:type:_selinux_contexts -a file_type' ) + ;| + fcontext|ibendport|ibpkey|interface|login|node|port|user) + args+=( '(-r --range)'{-r+,--range=}'[specify MLS/MCS Security Range]:range' ) + ;| + + import) + args+=( '(-f --input_file)'{-f+,--input_file=}'[specify input file]:input file:_files' ) + ;; + export) + args+=( '(-f --output_file)'{-f+,--output_file=}'[specify output file]:output_file' ) + ;; + login) + args+=( '(-l --list)1: :{ compset -P % && _groups || _users }' ) + ;; + user) + args+=( + '(-L --level)'{-L,--level}'[default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)]:level' + \*{-R,--roles}'[specify SELinux Roles]:roles:_selinux_roles' + ': :_selinux_users' + ) + ;; + port) + args+=( + '(-p --proto)'{-p+,--proto=}'[specify protocol for the specified port]:protocol:(tcp udp dccp sctp)' + ': :_ports' + ) + ;| + interface) + args+=( ': :_selinux_interfaces' ) + ;; + module) + args+=( + '(-P --priority)'{-P+,--priority=}'[select a priority for module operations]:priority [400]' + '(-E --extract)'{-E,--extract}'[extract customizable commands, for use within a transaction]' + '(-a --add)'{-a,--add}'[add a module]:module name:_selinux_modules' + '(-r --remove)'{-r,--remove}'[remove a module]:module name:_selinux_modules' + '(-d --disable)'{-d,--disable}'[disable a module]:module name:_selinux_modules' + '(-e --enable)'{-e,--enable}'[enable a module]:module name:_selinux_modules' + ) + ;; + node) + args+=( + '(-p --proto)'{-p+,--proto=}'[specify protocol for the specified node]:protocol:(ipv4 ipv6)' + '(-M --netmask)'{-M+,--netmask=}'[specify network mask]:netmask' + ':node:' + ) + ;; + fcontext) + args+=( + '(-e --equal)'{-e+,--equal=}'[substitute target path with sourcepath when generating default label]:equal' + '(-f --ftype)'{-f+,--ftype=}'[specify file type]:file type:(( + f\:regular\ file + d\:directory + c\:character\ device + b\:block device + s\:socket + l\:symbolic\ link + p\:named\ pipe))' + ':file spec (regex):_files' + ) + ;; + boolean) + args+=( + '(-)'{-1,--on}'[enable]' + '(-)'{-0,--off}'[disable]' + ':boolean:_selinux_bools' + ) + ;; + permissive) + args+=( '1:type:_selinux_types' ) + ;; + dontaudit) + args+=( '1:value:(on off)' ) + ;; + ibpkey) + args+=( + '(-x --subnet_prefix)'{-x,--subnet_prefix}'[specify subnet prefix for the specified infiniband ibpkey]:subnet prefix' + ':pkey:' + ) + ;; + ibendport) + args+=( + '(-z --ibdev_name)'{-z+,--ibdev_name=}'[specify name for the specified infiniband end port]:ibdev name' + ) + ;; + esac + ;; + esac + ;; + + semodule) + args=( + \*{-R,--reload}'[force a reload of policy]' + \*{-B,--build}'[build and reload policy]' + \*'--refresh[like --build but reuse existing linked policy if module files unchanged]' + \*{-D,--disable_dontaudit}'[remove dontaudits from policy]' + \*{-i+,--install=}'[install a new module]:module package:_files -g "*.pp(-.)"' + \!{-b,--base,-u,--upgrade}':module package:_files -g "*.pp(-.)"' + \*{-r+,--remove=}'[remove existing module at desired priority]:module name:_selinux_modules' + \*{-l+,--list-modules=-}'[display list of installed modules]::kind:(( + standard\:highest\ priority,\ enabled\ modules + full\:list\ all\ modules + ))' + \*{-X+,--priority=}'[set priority for following operations]:priority (1-999)' + \*{-e,--enable=}'[enable module]:module name:_selinux_modules' + \*{-d,--disable=}'[disable module]:module name:_selinux_modules' + \*{-E,--extract=}'[extract module]:module name:_selinux_modules' + '(-s --store)'{-s+,--store=}'[name of the store to operate on]:store' + '(-N -n --noreload)'{-N,-n,--noreload}"[don't reload policy after commit]" + '(-v --verbose)'{-v,--verbose}'[be verbose]' + '(-P --preserve_tunables)'{-P,--preserve_tunables}'[preserve tunables in policy]' + '(-C --ignore-module-cache)'{-C,--ignore-module-cache}'[rebuild CIL modules compiled from HLL files]' + '(-p --path)'{-p,--path}'[use an alternate path for the policy root]' + '(-S --store-path)'{-S+,--store-path=}'[use an alternate path for the policy store root]:path:_directories' + '(-c --cil)'{-c,--cil}'[extract module as cil; only affects module extraction]' + '(-H --hll)'{-H,--hll}'[extract module as hll; only affects module extraction]' + '(-m --checksum)'{-m,--checksum}'[add SHA256 checksum of modules to the list output]' + '!(--refresh)--rebuild-if-modules-changed' + "${ign}(-)"{-h,--help}'[display help information]' + ) + ;; + + semodule_unpackage) + args=( + ':pp file:_files -g "*.pp(-.)"' + ':mod file:_files -g "*.mod(-.)"' + ':fc file:_files -g "*.fc(-.)"' + ) + ;; + + sepolgen) + args=( $sepolgen ) + ;; + sepolicy) + _arguments -C \ + '-P+[specify policy to examine]' \ + "${ign}(- 1)-h[display help information]" \ + '1:command:(( + booleans\:"get description of booleans" + communicate\:"query if domains can communicate with each other" + generate\:"generate policy module template" + gui\:"graphical user interface for policies" + interface\:"list policy interfaces" + manpage\:"generate man pages for policies" + network\:"query policy network information" + transition\:"query policy to see how a source process domain can transition to the target process domain"))' \ + '*::: := ->option-or-argument' && ret=0 + case $state in + option-or-argument) + curcontext=${curcontext%:*}-$line[1]: + args=( '(-)'{-h,--help}'[display help information]' ) + case $line[1] in + transition|communicate) + args+=( + '(-s --source)'{-s+,--source=}'[specify source domain]:source:_selinux_types -a domain' + '(-t --target)'{-t+,--target=}'[specify target domain]:target:_selinux_types -a domain' + ) + ;| + manpage|network) + args+=( + {-d,--domain}'[specify domain]:*: :_selinux_types -a domain' + '!*'{-d-,--domain=-}': :_selinux_types -a domain' + ) + ;| + booleans) + args+=( + '(-)'{-a,--all}'[get all booleans descriptions]' + \*{-b,--boolean}'[specify boolean to show description]:*:boolean:_selinux_bools' + '!(-a --all -h --help)*'{-b-,--boolean=}': :_selinux_bools' + ) + ;; + communicate) + args+=( + '(-c --class)'{-c+,--class=}'[specify class to use for communications]:tclass [file]:_selinux_classes' + '(-S --sourceaccess)'{-S+,--sourceaccess=}'[specify permissions for the source type to use]:source access [open,write]' + '(-T --targetaccess)'{-T+,--targetaccess=}'[specify permissions for the target type to use]:target access [open,read]' + ) + ;; + generate) + args=( $sepolgen ) + ;; + interface) + args+=( + '(-c --compile)'{-c,--compile}'[run compile test for selected interface]' + '(-v --verbose)'{-v,--verbose}'[show verbose information]' + '(-f --file)'{-f+,--file=}'[specify interface file]:interface file:_files' + '(-a --list_admin)'{-a,--list_admin}'[list all domains with admin interface - DOMAIN_admin()]' + '(-u --list_user)'{-u,--list_user}'[list all domains with SELinux user role interface - DOMAIN_role()]' + '(-l --list)'{-l,--list}'[list all interfaces]' + {-i,--interfaces}'[specify interface names]:*:interface:_selinux_interfaces' + '!*'{-i-,--interfaces=-}':interface:_selinux_interfaces' + ) + ;; + manpage) + args+=( + '(-p --path)'{-p+,--path=}'[specify path in which the generated selinux man pages will be stored]:path:_directories' + '(-o --os)'{-o+,--os=}'[specify name of the OS for man pages]:OS' + '(-w --web)'(-w,--web)'[generate HTML man pages structure]' + '(-r --root)'{-r+,--root=}'[specify alternate root directory]:root [/]:_directories' + '--source_files[alternative root path needs to include file context files and policy.xml file]' + '(-a --all -d --domain)'{-a,--all}'[all domains]' + ) + ;; + network) + args+=( + '(-l --list)'{-l,--list}'[list all SELinux port types]' + {-p,--port}'[specify type related to the port]:*:port number' + '!*'{-p-,--port=-}':port number' + {-t,--type}'[show ports defined for this SELinux type]:*:port type:_selinux_types -a port_type' + '!*'{-t-,--type=-}':port type:_selinux_types -a port_type' + {-d,--domain}'[specify domain]:*:domain:_selinux_types -a domain' + '!*'{-d-,--domain=-}':domain:_selinux_types -a domain' + {-a,--application}'[show ports to which this application can bind and/or connect]:*:application:_selinux_types -a application_domain_type' + '!*'{-a-,--application=-}':domain:_selinux_types -a application_domain_type' # am not sure this is what is meant by applications + ) + ;; + esac + ;; + esac + ;; + + sesearch) + args=( + "${ign}(-h --help)"{-h,--help}'[display help information]' + "${ign}--version[display version information]" + '(-v --verbose)'{-v,--verbose}'[print extra informational messages]' + '--debug[enable debugging]' + '-A[search allow and allowxperm rules]' + '--allow[search allow rules]' + '--allowxperm[search allowxperm rules]' + '--auditallow[search auditallow rules]' + '--auditallowxperm[search auditallowxperm rules]' + '--dontaudit[search dontaudit rules]' + '--dontauditxperm[search dontauditxperm rules]' + '--neverallow[search neverallow rules]' + '--neverallowxperm[search neverallowxperm rules]' + '(-T --type_trans)'{-T,--type_trans}'[search type_transition rules]' + '--type_change[search type_change rules]' + '--type_member[search type_member rules]' + '--role_allow[find role allow rules]' + '--role_trans[find range_transition rules]' + '--range_trans[search range_transition rules]' + '(-s --source)'{-s+,--source=}'[source type/role of the TE/RBAC rule]: : _alternative + "types\:type\:_selinux_types" + "roles\:role\:_selinux_attributes"' + '(-t --target)'{-t+,--target=}'[target type/role of the TE/RBAC rule]: : _alternative + "types\:type\:_selinux_types" + "roles\:role\:_selinux_attributes"' + '(-c --class)'{-c+,--class=}'[comma separated list of object classes]:class:_sequence _selinux_classes' + '(-p --perms)'{-p+,--perms=}'[comma separated list of permissions]: :_sequence _selinux_permissions' + '(-x --xperms)'{-x+,--xperms=}'[comma separated list of extended permissions]:xperms' + '(-D --default)'{-D+,--default=}'[default of the rule. (type/role/range transition rules]:default' + '(-b --bool)'{-b+,--bool=}'[comma separated list of Booleans in the conditional expression]:bool ' + '-eb[match Boolean list exactly instead of matching any listed boolean]' + '-ep[match permission set exactly instead of matching any listed permission]' + '-ex[match extended permission set exactly instead of matching any listed permission]' + '-Sp[match rules where the listed permissions are a subset of the rule permissions]' + '-ds[match source attributes directly instead of matching member types/roles]' + '-dt[match target attributes directly instead of matching member types/roles]' + '-rs[use regular expression matching for the source type/role]' + '-rt[use regular expression matching for the target type/role]' + '-rc[use regular expression matching for the object class]' + '-rd[use regular expression matching for the default type/role]' + '-rb[use regular expression matching for booleans]' + ':policy:_files' + ) + ;; + + sestatus) + args=( '-b[booleans]' '-v[contexts of files and processes listed in the /etc/sestatus.conf]' ) + ;; + + setenforce) + _alternative \ + 'enable-args:enable:(Enforcing 1)' \ + 'disable-args:disable:(Permissive 0)' + return + ;; + + setsebool) + args=( + '-P[make changes persistent by writing pending values to disk]' + "-N[don't reload policy from disk]" + '-V[print verbose error messages]' + ':boolean:_selinux_bools' + ': : _values value + {1,on}"[enable]" + {0,off}"[disable]"' + ) + ;; + + validatetrans) + args=( + ':source context:_selinux_contexts' + ':target context:_selinux_contexts' + ':class:_selinux_classes' + ':new context:_selinux_contexts' + ) + ;; +esac + +_arguments -s $args -- cgit v1.2.3 From 93334b207ff7a7b0fe7d85ccea5b0aeccab0a4da Mon Sep 17 00:00:00 2001 From: Oliver Kiddle Date: Mon, 18 Mar 2024 21:34:11 +0100 Subject: 52770: handle newrole in SELinux completions --- ChangeLog | 2 ++ Completion/Linux/Command/_selinux | 31 +++++++++++++++++++++++-------- 2 files changed, 25 insertions(+), 8 deletions(-) (limited to 'Completion/Linux/Command/_selinux') diff --git a/ChangeLog b/ChangeLog index 3782b0d2d..296b74de8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2024-03-18 Oliver Kiddle + * 52770: Completion/Linux/Command/_selinux: handle newrole + * 52769: Completion/Unix/Command/_ansible: fix completion of ansible keywords and --step option diff --git a/Completion/Linux/Command/_selinux b/Completion/Linux/Command/_selinux index e7d4d3b2e..a7ba68952 100644 --- a/Completion/Linux/Command/_selinux +++ b/Completion/Linux/Command/_selinux @@ -1,4 +1,4 @@ -#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans +#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon newrole restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans # encompasses checkpolicy libselinux-utils policycoreutils # policycoreutils-devel policycoreutils-python-utils setools-console @@ -251,6 +251,21 @@ case $service in ) ;; + newrole) + local cmd cpp + cmd="$words[1]" + cpp='_comp_priv_prefix=( $cmd ${(kv)opt_args[(I)-([rtl]|-role|-type|-level)]} )' + args=( + '(-r --role)'{-r+,--role=}'[specify role]: :_selinux_roles' + '(-t --type)'{-t+,--type=}'[specify type]: :_selinux_types' + '(-l --level)'{-l+,--range=}'[specify level]:level' + '(-p --preserve-environment)'{-p,--preserve-environment}"[don't create new minimal environment]" + "${ign}(-)"{-V,--version}'[display version information]' + "(-)1: :{ $cpp; _command_names -e }" \ + "*:: :{ $cpp; _normal }" + ) + ;; + restorecon) args=( '*-e+[exclude a directory]:directory:_directories' @@ -276,10 +291,10 @@ case $service in runcon) args=( '(1 -c --compute)'{-c,--compute}'[compute process transition context before modifying]' - '(1 -t --type=TYPE)'{-t+,--type=}'[specify type]: :_selinux_types' - '(1 -u --user=USER)'{-u+,--user=}'[specify user identity]: :_selinux_users' - '(1 -r --role=ROLE)'{-r+,--role=}'[specify role]: :_selinux_roles' - '(1 -l --range=RANGE)'{-l+,--range=}'[specify level range]:range' + '(1 -t --type)'{-t+,--type=}'[specify type]: :_selinux_types' + '(1 -u --user)'{-u+,--user=}'[specify user identity]: :_selinux_users' + '(1 -r --role)'{-r+,--role=}'[specify role]: :_selinux_roles' + '(1 -l --range)'{-l+,--range=}'[specify level range]:range' '(-)1:security context:_selinux_contexts' '*:::args:_normal' ) @@ -460,7 +475,7 @@ case $service in '(-E --extract)'{-E,--extract}'[extract customizable commands, for use within a transaction]' ) ;| - boolean|dontaudit|export|import) + fcontext|ibendport|ibpkey|interface|login|module|node|permissive|port|user) args+=( '(-a --add)'{-a,--add}'[add a record]' ) ;| boolean|fcontext|ibendport|ibpkey|interface|login|node|permissive|port|user) @@ -573,8 +588,8 @@ case $service in \*{-B,--build}'[build and reload policy]' \*'--refresh[like --build but reuse existing linked policy if module files unchanged]' \*{-D,--disable_dontaudit}'[remove dontaudits from policy]' - \*{-i+,--install=}'[install a new module]:module package:_files -g "*.pp(-.)"' - \!{-b,--base,-u,--upgrade}':module package:_files -g "*.pp(-.)"' + \*{-i+,--install=}'[install a new module]:module package:_files -g "*.(pp|cil)(-.)"' + \!{-b,--base,-u,--upgrade}':module package:_files -g "*.(pp|cil)(-.)"' \*{-r+,--remove=}'[remove existing module at desired priority]:module name:_selinux_modules' \*{-l+,--list-modules=-}'[display list of installed modules]::kind:(( standard\:highest\ priority,\ enabled\ modules -- cgit v1.2.3 From 4e4274eda6012aead1f236502b163ba063bc465a Mon Sep 17 00:00:00 2001 From: Oliver Kiddle Date: Mon, 27 Jan 2025 23:10:16 +0100 Subject: 53328: completion options update --- ChangeLog | 12 +++ Completion/Linux/Command/_cpupower | 1 - Completion/Linux/Command/_cryptsetup | 32 ++++++- Completion/Linux/Command/_ethtool | 12 ++- Completion/Linux/Command/_iptables | 166 ++++++++++++++++++++++++++++++++++- Completion/Linux/Command/_selinux | 17 ++-- Completion/Linux/Command/_sshfs | 13 +-- Completion/Linux/Command/_valgrind | 8 +- Completion/Unix/Command/_abcde | 2 +- Completion/Unix/Command/_dig | 47 +++++----- Completion/Unix/Command/_flac | 17 ++-- Completion/Unix/Command/_gnutls | 5 +- Completion/Unix/Command/_jq | 27 +++--- Completion/Unix/Command/_pv | 11 +++ Completion/Unix/Command/_sqlite | 2 + Completion/Unix/Command/_ssh | 12 ++- Completion/X/Command/_zeal | 1 + 17 files changed, 321 insertions(+), 64 deletions(-) (limited to 'Completion/Linux/Command/_selinux') diff --git a/ChangeLog b/ChangeLog index c5db038e6..cb90a5736 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,17 @@ 2025-01-27 Oliver Kiddle + * 53328: Completion/Linux/Command/_cpupower, + Completion/Linux/Command/_cryptsetup, + Completion/Linux/Command/_ethtool, + Completion/Linux/Command/_iptables, + Completion/Linux/Command/_selinux, Completion/Linux/Command/_sshfs, + Completion/Linux/Command/_valgrind, Completion/Unix/Command/_abcde, + Completion/Unix/Command/_dig, Completion/Unix/Command/_flac, + Completion/Unix/Command/_gnutls, Completion/Unix/Command/_jq, + Completion/Unix/Command/_pv, Completion/Unix/Command/_sqlite, + Completion/Unix/Command/_ssh, Completion/X/Command/_zeal: + completion options update + * 53326: Completion/Linux/Command/_findmnt, Completion/Linux/Command/_free, Completion/Linux/Command/_losetup, Completion/Linux/Command/_lsblk, Completion/Linux/Command/_pidof, diff --git a/Completion/Linux/Command/_cpupower b/Completion/Linux/Command/_cpupower index d342b69d9..cb6f37fb0 100644 --- a/Completion/Linux/Command/_cpupower +++ b/Completion/Linux/Command/_cpupower @@ -20,7 +20,6 @@ cmds=( 'info:show global power parameters' 'set:set global power parameters' 'monitor:report frequency and idle statistics' - 'powercap-info:show powercapping related kernel and hardware configurations' 'help:print usage information' ) case $state in diff --git a/Completion/Linux/Command/_cryptsetup b/Completion/Linux/Command/_cryptsetup index f7149a76f..897eb94f9 100644 --- a/Completion/Linux/Command/_cryptsetup +++ b/Completion/Linux/Command/_cryptsetup @@ -13,7 +13,7 @@ _arguments -s \ '(-y --verify-passphrase)'{-y,--verify-passphrase}'[query for password twice]' \ '(-d --key-file)'{-d+,--key-file=}'[set keyfile]:key file:_files' \ '--master-key-file=[set master key]:key file:_files' \ - '--dump-master-key[dump luks master key]' \ + '--dump-volume-key[dump volume key instead of keyslots info]' \ '(-s --key-size)'{-s+,--key-size=}'[set key size]:size (bits)' \ '(-l --keyfile-size)'{-l+,--keyfile-size=}'[set keyfile size]:size (bytes)' \ '--keyfile-offset=[specify number of bytes to skip in keyfile]:offset (bytes)' \ @@ -37,8 +37,35 @@ _arguments -s \ '--shared[share device with another non-overlapping crypt segment]' \ '--uuid=[set device UUID]:uuid' \ '--allow-discards[allow discard (aka TRIM) requests for device]' \ + '--cancel-deferred[cancel previously set deferred device removal]' \ + '--disable-blkid[disable blkid on-disk signature detection and wiping]' \ + '--disable-external-tokens[disable loading of external LUKS2 token plugins]' \ + "--disable-veracrypt[don't scan for VeraCrypt compatible device]" \ + '--dump-json-metadata[dump info in JSON format (LUKS2 only)]' \ + '--dump-volume-key[dump volume key instead of keyslots info]' \ + '--external-tokens-path=[specify path to directory with external token handlers (plugins)]:path:_directories' \ + '--force-offline-reencrypt[force offline LUKS2 reencryption and bypass active device detection]' \ '--header=[device or file with separated LUKS header]:file:_files' \ - '--test-passphrase[do not activate device, just check passphrase]' \ + '--hw-opal[use HW OPAL encryption together with SW encryption]' \ + '--hw-opal-factory-reset[wipe WHOLE OPAL disk on luksErase]' \ + '--hw-opal-only[use only HW OPAL encryption]' \ + '--keep-key[do not change volume key]' \ + '--link-vk-to-keyring=[set keyring where to link volume key]:string' \ + '--new-keyfile=[read the key for a new slot from a file]:file:_files' \ + '--new-key-slot=[specify slot number for new key]:slot [first free]' \ + '--new-token-id=[token number]:number [any]' \ + '--progress-json[print progress data in json format]' \ + "--test-args[don't run action, just validate all command line parameters]" \ + '--volume-key-file=[use the volume key from file]:file:_files' \ + '--volume-key-keyring=[use the specified keyring key as a volume key]:key' \ + '(-B --block-size)'{-B+,--block-size=}'[reencryption block size]:block size (MiB)' \ + '(-N --new)'{-N,--new}'[create new header on not encrypted device]' \ + '--use-directio[use direct-io when accessing devices]' \ + '--use-fsync[use fsync after each block]' \ + '--write-log[update log file after every block]' \ + "--test-passphrase[don't activate device, just check passphrase]" \ + '--token-replace[replace the current token]' \ + '--token-type=[restrict allowed token types used to retrieve LUKS2 key]:string' \ '--tcrypt-hidden[use hidden header (hidden TCRYPT device)]' \ '--tcrypt-system[device is system TCRYPT drive (with bootloader)]' \ '--tcrypt-backup[use backup (secondary) TCRYPT header]' \ @@ -118,6 +145,7 @@ case $state in 'luksDump:dump header information' 'tcryptDump:dump TCRYPT device information' 'bitlkDump:dump BITLK device information' + 'fvault2Dump:dump FVAULT2 device information' 'luksSuspend:suspend LUKS device and wipe key' 'luksResume:resume suspended LUKS device' 'luksHeaderBackup:store binary backup of headers' diff --git a/Completion/Linux/Command/_ethtool b/Completion/Linux/Command/_ethtool index 3e3fc0b1d..8cff24e96 100644 --- a/Completion/Linux/Command/_ethtool +++ b/Completion/Linux/Command/_ethtool @@ -157,7 +157,7 @@ if [[ -n $state ]]; then _wanted files expl 'file' _files ;; rx-flow-hash) - _wanted flow-types expl 'flow type' compadd {tcp,udp,ah,esp,sctp}{4,6} + _wanted flow-types expl 'flow type' compadd {tcp,udp,ah,esp,sctp}{4,6} gtp{c{4,6}{,t},u{4,6}{,e,u,d}} ;; rule) _message -e ids 'rule id' @@ -177,6 +177,9 @@ if [[ -n $state ]]; then hfunc) _message -e functions 'hash function' ;; + xfrm) + _wanted transformations expl transformation compadd symmetric-xor none + ;; flags) _message -e masks mask ;; @@ -186,6 +189,9 @@ if [[ -n $state ]]; then power-mode-policy) _wanted policies expl 'policy' compadd high auto ;; + tcp-data-split) + _wanted states expl state compadd auto on off + ;; *) case ${${(Mk)opt_args:#cmd?*}[1]#cmd?-} in -a|--show-pause) @@ -209,7 +215,7 @@ if [[ -n $state ]]; then 'rx-mini[change number of ring entries for the RX Mini ring]' \ 'rx-jumbo[change number of ring entries for the RX Jumbo ring]' \ 'tx[change number of ring entries for the TX ring]' \ - rx-buf-len cqe-size tx-push rx-push tx-push-buf-len + rx-buf-len tcp-data-split cqe-size tx-push rx-push tx-push-buf-len ;; -d|--register-dump) _values -S ' ' -w 'option' \ @@ -306,7 +312,7 @@ if [[ -n $state ]]; then '(weight default)equal' \ '(equal default)weight' \ '(equal weight)default' \ - hkey hfunc delete + hkey hfunc xfrm delete ;; -f|--flash) if (( CURRENT == 4 )); then diff --git a/Completion/Linux/Command/_iptables b/Completion/Linux/Command/_iptables index 892c48710..0a901f0f2 100644 --- a/Completion/Linux/Command/_iptables +++ b/Completion/Linux/Command/_iptables @@ -128,6 +128,27 @@ while ) ;; comment) args+=( '--comment[add comment to rule]:comment' ) ;; + connbytes) + args+=( + '--connbytes:size (min\:[max])' + '--connbytes-dir:packets:(original reply both)' + '--connbytes-mode:mode:(packets bytes avgpkt)' + ) + ;; + connlabel) + args+=( + '--label[match if label name has been set on a connection]:label' + '--set[set label on connection]' + ) + ;; + connlimit) + args+=( + --connlimit-{upto,above}:connections + '--connlimit-mask:prefix length' + --connlimit-{s,d}addr + ) + ;; + connmark) args+=( --mark:value ) ;; conntrack) args+=( '--ctstate[match packet state]:state:->cfstates' @@ -136,18 +157,69 @@ while '--ctorigdst[match original destination address]:*^!:network:_hosts' '--ctreplsrc[match reply source address]:*^!:network:_hosts' '--ctrepldst[match reply destination address]:*^!:network:_hosts' + --ct{orig,repl}{src,dst}port':port:_ports' '--ctstatus[match internal conntrack states]:state:(NONE EXPECTED SEEN_REPLY ASSURED)' '--ctexpire[match remaining lifetime]:time' + '--ctdir:direction:(original reply)' + ) + ;; + cpu) args+=( --cpu:number ) ;; + dccp) + args+=( + --{s,d,source-,destination-}port:port:_ports + '--dccp-types:type:_sequence compadd - REQUEST RESPONSE DATA ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID' + --dccp-option:option ) ;; + devgroup) args+=( --{src,dst}group:name ) ;; dscp) args+=( '--dscp[match DSCP field]:value' '--dscp-class[match the DiffServ class]:class' ) ;; + dst) args+=( --dst-len:length --dst-opts:type ) ;; + ecn) args+=( --ecn-{tcp-{cwr,ece},ip-ect} ) ;; esp) args+=( '--espspi[match SPIs in ESP header]:*^!:spi' ) ;; + frag) + args+=( + --fragid:id --fraglen:length + --frag{res,first,more,last} + ) + ;; + hashlimit) + args+=( + --hashlimit-{upto,above,burst}:amount + '--hashlimit-mode:object:_sequence compadd - srcip srcport dstip dstport' + --hashlimit-{src,dst}mask:prefix + --hashlimit-name:name + --hashlimit-htable-size:buckets + --hashlimit-htable-max:entries + --hashlimit-htable-{expire,gcinterval}:msec + --hashlimit-rate-match + --hashlimit-rate-intervale:sec + ) + ;; + hbh) args+=( --hbh-len:length --hbh-opts:type ) ;; helper) args+=( '--helper[match packets related to a conntrack-helper]:helper:(ftp)' ) ;; + hl) args+=( --hl-{eq,lt,gt}:value ) ;; + icmp) args+=( --icmp-type:type ) ;; + icmp6) args+=( --icmpv6-type:type ) ;; + iprange) args+=( --{src,dst}-range':IP range' ) ;; + ipv6header) + args+=( + --soft + '--header:header(hop dst route frag auth esp none prot)' + ) + ;; + ipvs) + args+=( + --ipvs --vproto:protocol --vaddr:address + --vport{,ctl}':port:_ports' + '--vdir:directory:(ORIGINAL REPLY)' + '--vmethod:method:(GATE IPIP MASQ)' + ) + ;; length) args+=( '--length[match packet length]:length' ) ;; limit) args+=( @@ -164,32 +236,120 @@ while '--ports[match where source and destination ports are equal]:ports:->port-list' ) ;; + nfacct) args+=( --nfacct-name:name ) ;; + osf) args+=( --genre:string --{ttl,log}:level ) ;; owner) args+=( '--uid-owner[match packet by user id of creating process]:user id' '--gid-owner[match packet by ggroup id of creating process]:group id' '--pid-owner[match packet by process id of creating process]:process id:_pids' '--sid-owner[match packet by session id of creating process]:session id' - '--cmd-owner[match packet by name of creating command]:command:_command_names -e' + --suppl-groups --socket-exists ) ;; physdev) args+=( '--physdev-in[specify bridge port via which packet is received]:name' '--physdev-out[specify bridge port via which packet is sent]:name' + --physdev-is-{in,out,bridged} ) ;; pkttype) args+=( '--pkt-type[match link-layer packet type]:type:(unicast broadcast multicast)' ) ;; + policy) + args+=( + '--dir:direction:(in out)' + '(--strict)--pol:policy:(none ipsec)' + '(--pol)--strict' + --reqid:id --spi:id + '--proto:encapsulation protocol:(ah esp ipcomp)' + '--mode:encapsulation mode:(tunnel transport)' + --tunnel-{src,dst}:addr --next + ) + ;; + quota) args+=( '--quota:quota (bytes)' ) ;; + rateest) + args+=( + --rateest-{delta,lt,gt,eq} + --rateest{,1,2}:name + --rateest-{bps,pps}{,1,2}:value + ) + ;; + realm) args+=( --realm:value ) ;; + recent) + args+=( + --name:name --r{source,dest} --mask:netmask + '(--rcheck --update --remove)--set' + '(--set --update --remove)--rcheck' + '(--set --rcheck --remove)--update' + '(--set --rcheck --update)--remove' + --seconds:seconds --reap --hitcount:hits --rttl + ) + ;; + rpfilter) args+=( --loose --validmark --accept-local --invert ) ;; + rt) + args+=( + --rt-type:type --rt-segsleft:number --rt-len:length + --rt-0-{res,not-strict} --rt-0-addrs:address + ) + ;; + sctp) + args+=( + --{s,d,source-,destination-}port:port:_ports + '--chunk-types:match type:(all any only):chunk type' + ) + ;; + set) + args+=( + '--match-set:set: :flag' + --return-nomatch --update-counters --update-subcounters + --{packet,byte}s-{eq,lt,gt}:value + ) + ;; + socket) args+=( --transparent --nowildcard --restore-skmark ) ;; state) args+=( '--state[match packet state]:state:->states' ) ;; + statistic) args+=( --mode:mode --{probability,every,packet}:value ) ;; + string) + args+=( + '--algo:strategy:(bm kmp)' + --{from,to}:offset + --{,hex}string:pattern + -icase + ) + ;; + tcp) + args+=( + --{s,d,source-,destination-}port:port:_ports + '--tcp-flags:mask:->tcp-flags:comp:->tcp-flags' + --syn --tcp-option:option + ) + ;; + tcpmss) args+=( --mss:value ) ;; + time) + args+=( + --date{start,stop}:date --time{start,stop}:time + --{month,week}days:day + --contiguous --kerneltz + ) + ;; tos) args+=( '--tos[match type of service field]:type of service:->tos' ) ;; - ttl) args+=( '--ttl[match type to live]:TTL value' ) ;; + ttl) args+=( '--ttl-'{eq,lt,gt}':TTL value' ) ;; + u32) args+=( '--u32:tests' ) ;; + udp) args+=( --{s,d,source-,destination-}port:port:_ports ) ;; esac done +if (( CURRENT > 2 )); then + if [[ $words[CURRENT-1] = (|\\)\! && ! -prefix - ]]; then + args+=( '*: :compadd -S "" - -' ) + else + args+=( '*:negation:(!)' ) + fi +fi + _arguments -C -s \ '(-)'{-h,--help}'[print program information]' \ '(-)'{-V,--version}'[print version information]' \ @@ -211,13 +371,13 @@ _arguments -C -s \ "($cmds -s --src --source)"{-s,--src,--source}'[specify source]:*^!:network:_sequence _hosts' \ "($cmds -d --dst --destination)"{-d,--dst,--destination}'[specify destination]:*^!:network:_sequence _hosts' \ "($cmds -j --jump)"{-j,--jump}'[specify rule target]:target:->targets' \ + "($cmds -g --goto)"{-g,--goto}'[jump to chain with no return]:target:->targets' \ "($cmds -i --in-interface)"{-i,--in-interface}'[specify interface via which packet is received]:*^!:interface:_net_interfaces' \ "($cmds -o --out-interface)"{-o,--out-interface}'[specify interface via which packet is to be sent]:*^!:interface:_net_interfaces' \ "($cmds -f --fragment)"{-f,--fragment}'[match second or further fragments only]' \ "($cmds -D --delete -c --set-counters)"{-c,--set-counters}'[initialise packet and byte counters]:packets: :bytes' \ '(-v --verbose)'{-v,--verbose}'[enable verbose output]' \ '(-w --wait)'{-w,--wait}'[specify maximum wait to acquire xtables lock before giving up]: :_numbers -u seconds -d 1 wait' \ - '(-W --wait-interval)'{-W,--wait-interval}'[specify wait time to try to acquire xtables lock]: :_numbers -u usecs -d "1 second" wait' \ '(-n --numeric)'{-n,--numeric}'[print IP addresses and port numbers in numeric format]' \ '(-x --exact)'{-x,--exact}'[expand numbers (display exact values)]' \ '--line-numbers[print line numbers when listing]' \ diff --git a/Completion/Linux/Command/_selinux b/Completion/Linux/Command/_selinux index a7ba68952..22d78db7d 100644 --- a/Completion/Linux/Command/_selinux +++ b/Completion/Linux/Command/_selinux @@ -1,4 +1,4 @@ -#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon newrole restorecon runcon sealert secon sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans +#compdef audit2allow audit2why avcstat chcon checkmodule checkpolicy fixfiles getpidprevcon getsebool matchpathcon newrole restorecon runcon sealert secon sedismod sedta seinfo selinuxconlist selinuxdefcon selinuxexeccon semanage semodule semodule_unpackage sepolgen sepolicy sesearch sestatus setenforce setsebool validatetrans # encompasses checkpolicy libselinux-utils policycoreutils # policycoreutils-devel policycoreutils-python-utils setools-console @@ -127,6 +127,7 @@ case $service in "${ign}(-h --help)"{-h,--help}'[display help information]' '(-U --handle-unknown)'{-U+,--handle-unknown=}'[specify how the kernel should handle unknown classes or permissions]:action:(deny allow reject)' '(-M --mls)'{-M,--mls}'[enable the MLS policy when checking and compiling the policy]' + '(-N --disable-neverallow)'{-N,--disable-neverallow}"[don't check neverallow rules]" '(-o --output)'{-o+,--output=}'[write a policy file]:file:_files' '-c+[specify the policy version]:policy version [latest]' ':input file:_files' @@ -154,7 +155,6 @@ case $service in '--perm-map=[specify file name of perm map]:file:_files' '--interface-info=[specify file name of interface information]:file:_files' '(-x --xperms)'{-x,--xperms}'[generate extended permission rules]' - '--debug[leave generated modules for -M]' '(-w --why)'{-w,--why}'[translate SELinux audit messages into a description of why the access was denied]' "${ign}(-h --help)"{-h,--help}'[display help information]' "${ign}--version[display version information]" @@ -193,7 +193,7 @@ case $service in ;; checkmodule) - args=( + args+=( "${ign}(-)"{-V,--version}'[show policy versions created by this program]' '-m[build a policy module instead of a base module]' '-c+[build a policy module targeting a modular policy version]:version (4-21)' @@ -201,7 +201,7 @@ case $service in ;; checkpolicy) - args=( + args+=( '(-F --conf)'{-F,--conf}'[write policy.conf file rather than binary policy file]' '(-d --debug)'{-d,--debug}'[enter debug mode after loading the policy]' '(-S --sort)'{-S,--sort}'[sort ocontexts before writing out the binary policy]' @@ -347,6 +347,10 @@ case $service in ) ;; + sedismod) + args=( ':pp file:_files -g "*.pp(-.)"' ) + ;; + sedta) args=( '(-p --policy)'{-p+,--policy=}'[specify path to SELinux policy to analyze]:policy:_files' @@ -410,7 +414,10 @@ case $service in selinuxdefcon) args=( + '-r+[specify role]:role' '-l+[specify mcs/mls level]:level' + '-s+[specify service]:service' + '-v[verbose output]' ':user:_users' ':context:_selinux_contexts' ) @@ -726,8 +733,6 @@ case $service in '--auditallowxperm[search auditallowxperm rules]' '--dontaudit[search dontaudit rules]' '--dontauditxperm[search dontauditxperm rules]' - '--neverallow[search neverallow rules]' - '--neverallowxperm[search neverallowxperm rules]' '(-T --type_trans)'{-T,--type_trans}'[search type_transition rules]' '--type_change[search type_change rules]' '--type_member[search type_member rules]' diff --git a/Completion/Linux/Command/_sshfs b/Completion/Linux/Command/_sshfs index 3467fbd8a..48b308066 100644 --- a/Completion/Linux/Command/_sshfs +++ b/Completion/Linux/Command/_sshfs @@ -15,12 +15,13 @@ _arguments -C -S : \ '(-d --debug -f)'{-d,--debug}'[enable debug output]' \ '-f[foreground]' \ '-s[disable multithreaded operation]' \ + '(-v --verbose)'{-v,--verbose}'[print ssh replies and messages]' \ ':remote directory:_user_at_host -S:' \ ':mountpoint:_files -/' && ret=0 if [[ $state == options ]]; then # TODO complete ssh(1) options - _values -s , "options to ssh, sshfs, mount, or FUSE" \ + _values -s , "option to ssh, sshfs, mount, or FUSE" \ 'port:number' \ 'compression: :(yes no)' \ reconnect delay_connect sshfs_sync no_readahead sync_readdir \ @@ -42,14 +43,15 @@ if [[ $state == options ]]; then 'ssh_protocol:version:(1 2)' \ sftp_server:path:_files \ directport:port:_ports \ - slave disable_hardlink transform_symlinks follow_symlinks no_check_root password_stdin \ - debug \ - allow_other allow_root auto_unmount nonempty default_permissions \ + passive disable_hardlink transform_symlinks follow_symlinks no_check_root password_stdin \ + max_conns:number \ + debug nonempty default_permissions \ fsname:filesystem\ name \ subtype:filesystem\ type \ large_read \ max_read:max\ size \ - hard_remove use_ino readdir_ino direct_io kernel_cache auto_cache noauto_cache \ + hard_remove use_ino readdir_ino direct_io \ + kernel_cache auto_cache noauto_cache \ 'umask:permissions' \ 'uid:owner' 'gid:group' \ 'entry_timeout:timeout (seconds) [1]' \ @@ -58,6 +60,7 @@ if [[ $state == options ]]; then 'ac_attr_timeout:timeout (seconds) [= attr_timeout]' \ noforget \ 'remember:time (seconds)' \ + allow_other allow_root auto_unmount \ nopath intr \ 'intr_signal:signal [10]' \ modules:module \ diff --git a/Completion/Linux/Command/_valgrind b/Completion/Linux/Command/_valgrind index 5eaaea338..6bf0e4450 100644 --- a/Completion/Linux/Command/_valgrind +++ b/Completion/Linux/Command/_valgrind @@ -40,7 +40,7 @@ common_report_errors=( '--error-exitcode=-[exit code to return if errors found]:exit code' \ '--error-markers=-[add lines with begin/end markers before/after]:markers (begin,end)' \ '(--show-error-list)-s[show detected errors list and suppression counts at exit]' \ - '--show-error-list=-[show detected errors list and suppression counts at exit]:enable [no]:(yes no)' + '--show-error-list=-[show detected errors list and suppression counts at exit]:enable [no]:(yes no all)' '--keep-debuginfo=-[keep symbols etc for unloaded code]:enable:(yes no)' \ '--show-below-main=-[continue stack traces below main()]:enable [no]:(yes no)' \ '--default-suppression=-[load default suppressions]:enable [yes]:(yes no)' \ @@ -115,6 +115,7 @@ args_memcheck=( $args_addrcheck $common_read_varinfo $common_report_errors + '--show-realloc-size-zero=-[show reallocs with a size of zero]:enable [yes]:(yes no)' ) args_cachegrind=( @@ -215,12 +216,13 @@ _arguments -C ${(P)args} $cmd \ '--child-silent-after-fork=-[omit child output between fork & exec]:enable:(yes no)' \ '--vgdb=-[activate gdbserver]:enable [yes]:(yes no full)' \ '--vgdb-error=-[invoke gdbserver after specified number of errors]:errors [999999999]:errors' \ - '--vgdb-stop-at=-[invoke gdbserver for given events]:event:_sequence compadd - startup exit valgrindabexit all none' \ + '--vgdb-stop-at=-[invoke gdbserver for given events]:event:_sequence compadd - startup exit abexit valgrindabexit all none' \ '--track-fds=-[track open file descriptors]:enable [no]:(yes no all)' \ '--time-stamp=-[add timestamps to log messages]:enable:(yes no)' \ '--log-fd=-[log messages to specified file descriptor]:file descriptor:_file_descriptors' \ '--log-file=-[log messages to specified file with pid appended]:file:_files' \ '--log-socket=-[log messages to socket]:ipaddr\:port' \ + '--enable-debuginfod=-[query debuginfod servers for missing debuginfo]:enable [yes]:(no yes)' \ '*--fullpath-after=-[show full source paths in call stacks]::prefix to remove from paths:_directories' \ '--extra-debuginfo-path=-[specify absolute path to search for additional debug symbols]:path:_directories' \ '--debuginfo-server=-[specify server to query for debug symbols]:server:_hosts' \ @@ -233,6 +235,7 @@ _arguments -C ${(P)args} $cmd \ '--run-libc-freeres=-[free up glibc memory at exit]:enable [yes]:(yes no)' \ '--run-cxx-freeres=-[free up libstdc++ memory at exit]:enable [yes]:(yes no)' \ '--sim-hints=-[activate unusual sim behaviours]:hint [none]:_sequence compadd - lax-ioctls lax-doors fuse-compatible enable-outer no-inner-prefix no-nptl-pthread-stackcache fallback-llsc none' \ + '--scheduling-quantum=-[thread-scheduling timeslice in number of basic blocks]:blocks [100000]' \ '--fair-sched=-[schedule threads fairly on multicore systems]:enable [no]:(yes no try)' \ '--kernel-variant=-[handle non-standard kernel variants]:kernel variant:_sequence compadd - bproc android-no-hw-tls android-gpu-sgx5xx android-gpu-adreno3xx' \ '--merge-recursive-frames=-[merge frames between identical program counters in specified max frames]:frames [0]' \ @@ -247,6 +250,7 @@ _arguments -C ${(P)args} $cmd \ '--unw-stack-scan-thresh=-[enable stack-scan unwind if fewer than specified number of good frames found]:frames' \ '--resync-filter=-[attempt to avoid expensive address-space-resync operations]:enable:(yes no verbose)' \ '--max-threads=-[specify maximum number of threads that valgrind can handle]:threads [500]' \ + '--realloc-zero-bytes-frees=-[should calls to realloc() with a size of 0 free memory and return NULL]:enable:(yes no)' \ && return typeset -a tools diff --git a/Completion/Unix/Command/_abcde b/Completion/Unix/Command/_abcde index 3f748d373..6b09d87b5 100644 --- a/Completion/Unix/Command/_abcde +++ b/Completion/Unix/Command/_abcde @@ -21,7 +21,7 @@ _arguments -s -S -A "-*" \ '-m[create DOS-style playlists, modifying the resulting one by adding CRLF line endings those to work]' \ "-n[don't query CDDB database]" \ '-N[non interactive mode]' \ - '-o+[select output type]:output type [vorbis]:(vorbis ogg mp3 flac spx mpc m4a wav wv ape opus mka aiff)' \ + '-o+[select output type]:output type [vorbis]:_sequence compadd - vorbis ogg mp3 flac spx mpc m4a wav wv ape opus mka aiff' \ "-p[pads track numbers with 0's]" \ '-P[use Unix PIPES to read and encode in one step]' \ '-Q+[specify CD lookup methods]:lookup method [musicbrainz]:_sequence compadd - musicbrainz cddb cdtext' \ diff --git a/Completion/Unix/Command/_dig b/Completion/Unix/Command/_dig index c09bebbe5..440c5de90 100644 --- a/Completion/Unix/Command/_dig +++ b/Completion/Unix/Command/_dig @@ -5,8 +5,8 @@ local -a alts args [[ -prefix + ]] && args=( '*+'{no,}'tcp[use TCP instead of UDP for queries]' '*+'{no,}'ignore[ignore truncation in UDP responses]' - '*+domain=[set search list to single domain]:domain:_hosts' - '!*+dscp=:code point (0..63)' + '*+domain=-[set search list to single domain]:domain:_hosts' + '!*+dscp=-:code point (0..63)' '*+'{no,}'search[use search list defined in resolv.conf]' '!*+'{no,}defname '*+'{no,}'showsearch[show intermediate results in domain search]' @@ -20,27 +20,26 @@ local -a alts args '*+'{no,}'cookie[add a COOKIE option to the request]' '*+'{no,}'crypto[display cryptographic fields in DNSSEC records]' '*+'{no,}'dns64prefix[get the DNS64 prefixes from ipv4only.arpa]' - '*+edns=[specify EDNS version for query]:version (0-255)' + '*+edns=-[specify EDNS version for query]:version (0-255)' '*+noedns[clear EDNS version to be sent]' - '*+ednsflags=[set EDNS flags bits]:flags' + '*+ednsflags=-[set EDNS flags bits]:flags' '*+'{no,}'ednsnegotiation[set EDNS version negotiation]' - '*+ednsopt=[specify EDNS option]:code point' + '*+ednsopt=-[specify EDNS option]:code point' '*+noedns[clear EDNS options to be sent]' '*+'{no,}'expandaaaa[expand AAAA records]' '*+'{no,}'expire[send an EDNS Expire option]' '*+'{no,}'header-only[send query without a question section]' - '*+'{no,}'https=[DNS-over-HTTPS POST mode]::endpoint [/dns-query]' - '!*+'{no,}'https-post=::endpoint [/dns-query]' - '*+'{no,}'https-get=[DNS-over-HTTPS GET mode]::endpoint [/dns-query]' - '*+'{no,}'http-plain=[DNS-over-HTTP POST mode]::endpoint [/dns-query]' - '*+'{no,}'http-plain-get=[DNS-over-HTTP GET mode]::endpoint [/dns-query]' - '*+'{no,}'idnin[set processing of IDN domain names on input]' - '*+'{no,}'idnout[set conversion of IDN puny code on output]' + '*+'{no,}'https=-[DNS-over-HTTPS POST mode]::endpoint [/dns-query]' + '!*+'{no,}'https-post=-::endpoint [/dns-query]' + '*+'{no,}'https-get=-[DNS-over-HTTPS GET mode]::endpoint [/dns-query]' + '*+'{no,}'http-plain=-[DNS-over-HTTP POST mode]::endpoint [/dns-query]' + '*+'{no,}'http-plain-get=-[DNS-over-HTTP GET mode]::endpoint [/dns-query]' + '*+'{no,}'idn[convert international domain names]' '*+'{no,}'keepalive[request EDNS TCP keepalive]' '*+'{no,}'keepopen[keep TCP socket open between queries]' '*+'{no,}'recurse[set the RD (recursion desired) bit in the query]' '*+'{no,}'nssearch[search all authoritative nameservers]' - '*+opcode[set DNS message opcode of the request]:opcode [QUERY]:(QUERY IQUERY STATUS NOTIFY UPDATE)' + '*+opcode=-[set DNS message opcode of the request]:opcode [QUERY]:(QUERY IQUERY STATUS NOTIFY UPDATE)' '*+noopcode[clear DNS message opcode]' '*+'{no,}'trace[trace delegation down from root]' '*+'{no,}'cmd[print initial comment in output]' @@ -50,7 +49,9 @@ local -a alts args '*+'{no,}'comments[print comment lines in output]' '*+'{no,}'stats[print statistics]' '*+padding[set padding block size]:size [0]' - '*+qid=[specify query ID]:query ID' + '*+'{no,}'proxy=-[add PROXYv2 headers to queries]:src_addr[#src_port]-dst_addr[#dst_port]' + '*+'{no,}'proxy-plain=-[add PROXYv2 headers to queries ahead of any encryption]:src_addr[#src_port]-dst_addr[#dst_port]' + '*+qid=-[specify query ID]:query ID' '*+'{no,}'qr[print query as it was sent]' '*+'{no,}'question[print question section of a query]' '*+'{no,}'raflag[set RA flag in the query]' @@ -59,17 +60,17 @@ local -a alts args '*+'{no,}'all[set all print/display flags]' '*+'{no,}'subnet[send EDNS client subnet option]:addr/prefix-length' '*+'{no,}'tcflag[set TC flag in the query]' - '*+timeout=[set query timeout]:timeout (seconds) [5]' + '*+timeout=-[set query timeout]:timeout (seconds) [5]' '*+'{no,}'tls[DNS-over-TLS mode]' - '*+'{no,}"tls-ca=[enable remote server's TLS certificate validation]:file:_files" - '*+'{no,}"tls-hostname=[explicitly set the expected TLS hostname]:hostname" - '*+'{no,}'tls-certfile=[load client TLS certificate chain from file]:file:_files' - '*+'{no,}'tls-keyfile=[load client TLS private key from file]:file:_files' - '*+tries=[specify number of UDP query attempts]:tries' - '*+retry=[specify number of UDP query retries]:retries' + '*+'{no,}"tls-ca=-[enable remote server's TLS certificate validation]:file:_files" + '*+'{no,}"tls-hostname=-[explicitly set the expected TLS hostname]:hostname" + '*+'{no,}'tls-certfile=-[load client TLS certificate chain from file]:file:_files' + '*+'{no,}'tls-keyfile=-[load client TLS private key from file]:file:_files' + '*+tries=-[specify number of UDP query attempts]:tries' + '*+retry=-[specify number of UDP query retries]:retries' '*+'{no,}'rrcomments[set display of per-record comments]' - '*+ndots=[specify number of dots to be considered absolute]:dots' - '*+bufsize=[specify UDP buffer size]:size (bytes)' + '*+ndots=-[specify number of dots to be considered absolute]:dots' + '*+bufsize=-[specify UDP buffer size]:size (bytes)' '*+'{no,}'multiline[verbose multi-line output]' '*+'{no,}'onesoa[AXFR prints only one soa record]' '*+'{no,}"fail[don't try next server on SERVFAIL]" diff --git a/Completion/Unix/Command/_flac b/Completion/Unix/Command/_flac index 1773061ee..0197aaf92 100644 --- a/Completion/Unix/Command/_flac +++ b/Completion/Unix/Command/_flac @@ -14,9 +14,11 @@ shortops=( --show-total-samples --show-vendor-tag '--show-tag=:FLAC tag' + '--show-all-tags' '--remove-tag=:FLAC tag' '--remove-first-tag=:FLAC tag' --remove-all-tags + '--remove-all-tags-except=:tag' '*--set-tag=:FLAC tag and value: ' '*--set-tag-from-file=:tag' '--import-tags-from=:flat file:_files' @@ -60,7 +62,7 @@ case $service in '(H)--until=[stop at specified sample for each input]:stop (+-mm:ss.ss)' \ '(H)--ogg[use ogg as a transport layer]' \ '(H)--serial-number=[serial number to use for the FLAC stream]:serial number' \ - '(H --force-aiff-format --force-rf64-format --force-wave64-format)--format-raw-format' \ + '(H --force-aiff-format --force-rf64-format --force-wave64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-raw-format' \ '*:file:_files -F line -g "(#i)*.(${${opt_args[(i)decode-*]:+flac|oga}:-wav|aif|aiff|raw|rf64|w64})(-.)"' \ - 'H' \ '(-)'{-v,--version}'[display version information]' \ @@ -100,9 +102,13 @@ case $service in '(-F --decode-through-errors)'{-F,--decode-through-errors}'[continue decoding through stream errors]' \ '--apply-replaygain-which-is-not-lossless=:specification' \ '--cue=[set the beginning and ending cuepoints to decode]:cue point' \ - '(--force-raw-format --force-rf64-format --force-wave64-format)--force-aiff-format' \ - '(--force-raw-format --force-aiff-format --force-wave64-format)--force-rf64-format' \ - '(--force-raw-format --force-aiff-format --force-rf64-format)--force-wave64-format' \ + '(--force-raw-format --force-rf64-format --force-wave64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-aiff-format' \ + '(--force-raw-format --force-aiff-format --force-wave64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-rf64-format' \ + '(--force-raw-format --force-aiff-format --force-rf64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-wave64-format' \ + '(--force-raw-format --force-aiff-format --force-rf64-format --force-wave64-format --force-extensible-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-legacy-wave-format' \ + '(--force-raw-format --force-aiff-format --force-rf64-format --force-wave64-format --force-legacy-wave-format --force-aiff-c-none-format --force-aiff-c-sowt-format)--force-extensible-wave-format' \ + '(--force-raw-format --force-aiff-format --force-rf64-format --force-wave64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-sowt-format)--force-aiff-c-none-format' \ + '(--force-raw-format --force-aiff-format --force-rf64-format --force-wave64-format --force-legacy-wave-format --force-extensible-wave-format --force-aiff-c-none-format)--force-aiff-c-sowt-format' ;; metaflac) _arguments -S $shared \ @@ -112,10 +118,11 @@ case $service in "*:FLAC file:_files -g \*.flac\(-.\)" \ - 'short' $shortops \ - 'list' $common --list \ + '--data-format=:format:(binary binary-headerless text)' \ '--application-data-format=:format:(text hexdump)' \ - 'remove' $common --remove \ - '(ops)' \ '(-)--help' '(-)--version' \ - --remove-all --merge-padding --sort-padding + --append --remove-all --merge-padding --sort-padding ;; esac diff --git a/Completion/Unix/Command/_gnutls b/Completion/Unix/Command/_gnutls index 9b8bcf6ea..4c1698857 100644 --- a/Completion/Unix/Command/_gnutls +++ b/Completion/Unix/Command/_gnutls @@ -24,6 +24,7 @@ case "$service" in gnutls-cli*) args+=( '(--app-proto --starttls-proto)'{--app-proto,--starttls-proto}"=[specify application protocol to use to obtain the server's certificate]:protocol:(https ftp smtp imap ldap xmpp lmtp pop3 nntp sieve postgres)" + '(-s --starttls)--starttls-name=[specify hostname presented to the application protocol for STARTTLS]:hostname' ':hostname:_hosts' ) ;| @@ -99,7 +100,7 @@ case "$service" in '--post-handshake-auth[enable post-handshake authentication under TLS1.3]' '--inline-commands[inline commands of the form ^^]' '--inline-commands-prefix=[change delimiter used for inline commands]:delimiter [^]' - '--fips140-mode[report status of FIPS140-3 mode in gnutls library]' + '--fips140-mode[report status of FIPS140-2 mode in gnutls library]' '--list-config[report configuration of the library]' '--logfile=[redirect informational messages to a specific file]:file:_files' '--waitresumption[block waiting for the resumption data under TLS1.3]' @@ -202,9 +203,11 @@ case "$service" in '--seed=[when generating a private key use the given seed]:seed (hex-encoded)' '--pubkey-info[print information on a public key]' '--to-p12[generate a PKCS #12 structure]' + '--pbmac1[use PBMAC1 in a PKCS #12 structure]' '(-8 --pkcs8)'{-8,--pkcs8}'[use PKCS #8 format for private keys]' '--hash=[specify hash algorithm for signing]:algorithm:(MD5 SHA1 RMD160)' '--salt-size=[specify the RSA-PSS key default salt size]:size' + '--label=[specify the RSA-OAEP label, encoded in hexadecimal]:label' {--inder,--inraw}'[use DER format for input certificates and private keys]' {--outder,--outraw}'[use DER format for output certificates and private keys]' '--template=[specify template file to use for non-interactive operation]:file:_files' diff --git a/Completion/Unix/Command/_jq b/Completion/Unix/Command/_jq index b8e41dd66..e8e6b0913 100644 --- a/Completion/Unix/Command/_jq +++ b/Completion/Unix/Command/_jq @@ -1,6 +1,7 @@ #compdef jq -# last updated for jq-1.5-1-a5b5cbe (debian package 1.5+dfsg-1.3) +local ign +(( $#words > 2 )) && ign='!' # Note: # Arguments to options must be in separate words. Thus, @@ -8,23 +9,27 @@ # is correct like that, without the usual {-f+,--from-file=} suffixes. # _arguments -S -s : \ - "--version[output jq's version number]" \ + "${ign}(- 1 *)"{-V,--version}'[display version information]' \ + "${ign}(- 1 *)"{-h,--help}'[display help information]' \ + "${ign}(- 1 *)--build-configuration[display jq's build configuration]" \ "--seq[use application/json-seq ASCII RS/LF scheme in input and output]" \ - "--stream[parse input streamily (changes output)]" \ - '(-s --slurp)'{-s,--slurp}'[join input JSON objects to array before filtering]' \ - '(-R --raw-input)'{-R,--raw-input}'[consider each input line as a JSON strings]' \ - '(-n --null-input)'{-n,--null-input}'[input is ignored]' \ + "(--stream-errors -n --null-input)--stream[parse the input value in streaming fashion]" \ + '(--stream -n --null-input)--stream-errors[parse the input value in streaming fashion with errors as an array]' \ + '(-s --slurp -n --null-input)'{-s,--slurp}'[read all inputs into an array and use it as single input value]' \ + '(-R --raw-input -n --null-input)'{-R,--raw-input}'[read each line as string instead of JSON]' \ + '(-n --null-input --stream --stream-errors -s --slurp -R --raw-input)'{-n,--null-input}'[use `null` as the single input value]' \ '(-c --compact-output)'{-c,--compact-output}"[don't pretty-print]" \ '(--indent)--tab[indent output using TAB characters]' \ - '(--tab)--indent[indent output using given number of spaces]:number of spaces (integer):(2 4 8)' \ + '(--tab)--indent[indent output using given number of spaces]:number of spaces (integer):(-1 0 1 2 3 4 5 6 7)' \ '(-C --color-output -M --monochrome-output)'{-C,--color-output}'[output in color]' \ '(-C --color-output -M --monochrome-output)'{-M,--monochrome-output}'[output without color]' \ - '(-a --ascii-output)'{-a,--ascii-output}'[restrict output to ASCII]' \ + '(-a --ascii-output)'{-a,--ascii-output}'[restrict output to ASCII using escape sequences]' \ '--unbuffered[flush output after each JSON object]' \ '(-S --sort-keys)'{-S,--sort-keys}'[output object keys in sorted order]' \ - '(-r --raw-output -j --join-output)'{-r,--raw-output}"[don't JSON-quote output if it's a string]" \ - '(-r --raw-output -j --join-output)'{-j,--join-output}"[like -r, without newlines between outputs]" \ - '(-f --from-file)'{-f,--from-file}'[read filter from file]:_files' \ + '(-r --raw-output -j --join-output --raw-output0)'{-r,--raw-output}"[don't JSON-quote output if it's a string]" \ + '(-r --raw-output -j --join-output)--raw-output0[like -r, with NUL after each output]' \ + '(-r --raw-output --raw-output0 -j --join-output)'{-j,--join-output}"[like -r, without newlines between outputs]" \ + '(-f --from-file)'{-f,--from-file}'[read filter from file]: :_files' \ '-L+[prepend a directory to the module search path]:_directories' \ '(-e --exit-status)'{-e,--exit-status}'[report "false" and "null" results via exit code]' \ '*--arg[pre-set a variable to a string]:variable name: :value (string)' \ diff --git a/Completion/Unix/Command/_pv b/Completion/Unix/Command/_pv index b21625650..0e1f148d5 100644 --- a/Completion/Unix/Command/_pv +++ b/Completion/Unix/Command/_pv @@ -20,6 +20,7 @@ _arguments -s -S $args \ '(-m --average-rate-window)'{-m+,--average-rate-window=}'[compute average rate over period]:duration (seconds) [30]' \ '(-b --bytes -8 --bits -F --format)'{-b,--bytes}'[show number of bytes transferred]' \ '(-8 --bits -b --bytes -F --format)'{-8,--bits}'[show number of bits transferred]' \ + '(-k --si)'{-k,--si}'[treat suffixes as multiples of 1000 rather than 1024]' \ '(-T --buffer-percent -F --format)'{-T,--buffer-percent}'[show percentage of transfer buffer in use]' \ '(-A --last-written -F --format)'{-A+,--last-written=}'[show number of bytes last written]:number (bytes)' \ '(-F --format -p --progress -t --timer -e --eta -I --fineta -r --rate -a --average-rate -b --bytes -T --buffer-percent -A --last-written -F --format)'{-F+,--format=}'[set output format]:format:->formats' \ @@ -28,19 +29,29 @@ _arguments -s -S $args \ '(-W --wait)'{-W,--wait}'[display nothing until first byte transferred]' \ '(-D --delay-start -R --remote)'{-D+,--delay-start=}'[display nothing until delay has passed]:delay (seconds)' \ '(-s --size)'{-s+,--size=}'[set estimated data size]: :_numbers -u bytes size K M G T' \ + '(-g --gauge)'{-g,--gauge}'[if size unknown, show rate vs max rate]' \ '(-l --line-mode -R --remote)'{-l,--line-mode}'[count lines instead of bytes]' \ '(-0 --null -l --line-mode)'{-0,--null}'[lines are null-terminated]' \ '(-i --interval)'{-i+,--interval=}'[update every after specified interval]:interval (seconds) [1]' \ + '(-m --average-rate-window)'{-m,--average-rate-window}'[compute average rate over past period]:period (seconds) [30]' \ '(-w --width)'{-w+,--width}'[assume terminal is specified characters wide]:width' \ '(-H --height)'{-H+,--height=}'[assume terminal is specified rows high]:height' \ '(-N --name)'{-N+,--name=}'[prefix visual information with given name]:name' \ + '(-x --extra-display)'{-x+,--extra-display=}'[also send progress to destination]:destination:_sequence - compadd windowtitle processtitle' \ + '(-v --stats)'{-v,--stats}'[output transfer statistics at the end]' \ '(-f --force -R --remote)'{-f,--force}'[output even if standard error is not a terminal]' \ '(-c --cursor -R --remote)'{-c,--cursor}'[use cursor positioning escape sequences]' \ + '(-o --output)'{-o+,--output=}'[write output to file instead of stdout]:file:_files' \ '(-L --rate-limit)'{-L+,--rate-limit=}'[limit transfer rate]: :_numbers -u "bytes per second" rate K M G T' \ '(-B --buffer-size)'{-B+,--buffer-size=}'[use a buffer size of given size]: :_numbers -u bytes size K M G T' \ '(-C --no-splice)'{-C,--no-splice}'[never use splice(), always use read/write]' \ '(-R --remote)*'{-E,--skip-errors}"[skip read errors in input${Edesc}]" \ + '(-Z --error-skip-block)'{-Z+,--error-skip-block=}'[skip whole blocks on errors]: :_numbers -u bytes "block size" K M G T' \ '(-S --stop-at-size -R --remote)'{-S,--stop-at-size}'[stop after --size bytes have been transferred]' \ + '(-Y --sync)'{-Y,--sync}'[flush cache to disk after every write]' \ + '(-K --direct-io)'{-K,--direct-io}'[use direct I/O to bypass cache]' \ + '(-X --discard)'{-X,--discard}'[discard input instead of writing to output]' \ + '(-U --store-and-forward)'{-U+,--store-and-forward=}'[write all input to file before writing to output]:file:_files' \ '(-R --remote -c --cursor -l --line-mode -f --force -D --delay-start -E --skip-errors -S --stop-at-size)'{-R+,--remote=}'[update settings of specified process]:process:_pids -m pv' \ '(-P --pidfile)'{-P+,--pidfile=}'[save process id in a file]:file:_files' \ "${ign}(- *)"{-h,--help}'[display usage information]' \ diff --git a/Completion/Unix/Command/_sqlite b/Completion/Unix/Command/_sqlite index 6f0b1de94..a83624083 100644 --- a/Completion/Unix/Command/_sqlite +++ b/Completion/Unix/Command/_sqlite @@ -56,6 +56,7 @@ options+=( $^dashes'-newline[set output row separator]:separator [\n]' $^dashes'-nofollow[refuse to open symbolic links to database files]' $^dashes'-nonce[set the safe-mode escape nonce]:string' + $^dashes'-no-rowid-in-view[disable rowid-in-view using sqlite3_config()]' $^dashes'-pagecache[specify size and number of slots for page cache memory]:size (bytes): :slots' $^dashes'-pcachetrace[trace all page cache operations]' $^dashes'-readonly[open the database read-only]' @@ -63,6 +64,7 @@ options+=( $^dashes'-stats[print memory stats before each finalize]' $^dashes'-unsafe-testing[allow unsafe commands and modes for testing]' $^dashes'-vfs[use specified default VFS]:vfs:(unix-dotfile unix-excl unix-none unix-namedsem)' + $^dashes'-vfstrace[enable tracing of all VFS calls]' $^dashes'-zip[open the file as a ZIP Archive]' ) diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh index 5e6e60573..d8c27c65f 100644 --- a/Completion/Unix/Command/_ssh +++ b/Completion/Unix/Command/_ssh @@ -62,7 +62,7 @@ _ssh () { '(-v)*-q[quiet operation]' \ '*-R+[specify remote port forwarding]:remote port forwarding:->forward' \ '-S+[specify location of control socket for connection sharing]:path to control socket:_files' \ - '-Q+[query parameters]:query option:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" compression mac\:"supported message integrity codes" kex\:"key exchange algorithms" kex-gss\:"GSSAPI key exchange algorithms" key\:"key types" key-cert\:"certificate key types" key-plain\:"non-certificate key types" key-sig\:"all key types and signature algorithms" protocol-version\:"supported SSH protocol versions" sig\:"supported signature algorithms" help\:"show supported queries" HostbasedAcceptedAlgorithms HostKeyAlgorithms KexAlgorithms MACs PubkeyAcceptedAlgorithms))' \ + '(- 1 *)-Q+[query parameters]:query option:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" compression mac\:"supported message integrity codes" kex\:"key exchange algorithms" kex-gss\:"GSSAPI key exchange algorithms" key\:"key types" key-cert\:"certificate key types" key-plain\:"non-certificate key types" key-sig\:"all key types and signature algorithms" protocol-version\:"supported SSH protocol versions" sig\:"supported signature algorithms" help\:"show supported queries" HostbasedAcceptedAlgorithms HostKeyAlgorithms KexAlgorithms MACs PubkeyAcceptedAlgorithms))' \ '-s[invoke subsystem]' \ '(-t)-T[disable pseudo-tty allocation]' \ "(-T)*-t[force pseudo-tty allocation${tdesc}]" \ @@ -280,6 +280,7 @@ _ssh () { '-O+[specify a key/value option]: : _values option "hashalg[select a hash algorithm to use with -D]\:algorithm [both]\:(sha1 sha256)"' \ '-p+[specify port on remote host]:port number on remote host' \ + "-q[don't print server host name and banners in comments]" \ '-T+[specify timeout]: :_numbers -u seconds -d 5 timeout \:s\:seconds m\:minutes h\:hours d\:days w\:weeks' \ '-t+[specify key types to fetch from scanned hosts]:key type:_sequence compadd - rsa dsa ecdsa ed25519' \ '-v[verbose mode]' @@ -300,9 +301,13 @@ _ssh () { _arguments \ '-i+[select identity file]:SSH identity file:_files -g "*(-.^AR)"' \ '-f[copy keys without trying to check if they are already installed]' \ + '-F+[specify alternate config file]:config file:_files' \ '-n[dry run - no keys are actually copied]' \ '*-o+[specify ssh options]:option string:->option' \ '-p+[specify port on remote host]:port number on remote host' \ + '-s[upload public keys with sftp]' \ + '-t+[specify path on target system]:path [.ssh/authorized_keys]' \ + '-x[debug script by turning on command tracing]' \ '(- 1)'{-h,-\?}'[display usage information]' \ ':remote host name:->userhost' && ret=0 ;; @@ -359,6 +364,10 @@ _ssh () { (#i)canonicalizepermittedcnames=*) _message -e 'CNAME rule list (source_domain_list:target_domain_list, each pattern list comma separated)' && ret=0 ;; + (#i)channeltimeout=*) + _values 'channel type' \ + {agent-connection,direct-tcpip,forwarded-tcpip,session,tun-connection,x11-connection}:interval:'_numbers -u seconds timeout :s:seconds m:minutes h:hours d:days w:weeks' && ret=0 + ;; (#i)ciphers=*) state=ciphers ;; @@ -584,6 +593,7 @@ _ssh () { CanonicalizePermittedCNAMEs \ CASignatureAlgorithms \ CertificateFile \ + ChannelTimeout \ CheckHostIP \ Ciphers \ ClearAllForwardings \ diff --git a/Completion/X/Command/_zeal b/Completion/X/Command/_zeal index 334331d40..024b8c381 100644 --- a/Completion/X/Command/_zeal +++ b/Completion/X/Command/_zeal @@ -8,6 +8,7 @@ _arguments -S \ ':query:->queries' \ + '(opt)' \ {-h,--help}'[display help information]' \ + --help-all'[display help, including generic Qt options]' \ {-v,--version}'[display version information]' \ {-f,--force}'[force the application to run]' && ret=0 -- cgit v1.2.3