Merge pull request #437 from smcv/zsh

Improve zsh completion

2 files changed, 60 insertions, 47 deletions

diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap
index 88c9b35..5a9d2fd 100755
--- a/completions/zsh/_bwrap
+++ b/completions/zsh/_bwrap
@@ -1,64 +1,77 @@
 #compdef bwrap
 
+_bwrap_args_after_perms=(
+    # Please sort alphabetically (in LC_ALL=C order) by option name
+    '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files'
+    '--dir[Create dir at DEST]:directory to create:_files -/'
+    '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files'
+    '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files'
+    '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/'
+)
+
 _bwrap_args=(
     '*::arguments:_normal'
+    $_bwrap_args_after_perms
+
+    # Please sort alphabetically (in LC_ALL=C order) by option name
+    '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"'
+    '--as-pid-1[Do not install a reaper process with PID=1]'
+    '--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files'
+    '--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files'
+    '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"'
+    '--cap-add[Add cap CAP when running as privileged user]:capability to add:->caps'
+    '--cap-drop[Drop cap CAP when running as privileged user]:capability to add:->caps'
+    '--chdir[Change directory to DIR]:working directory for sandbox: _files -/'
+    '--chmod[Set permissions]: :_guard "[0-7]#" "permissions in octal":path to set permissions:_files'
+    '--clearenv[Unset all environment variables]'
+    '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files'
+    '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files'
+    '--dev[Mount new dev on DEST]:mount point for /dev:_files -/'
+    "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]"
+    '--exec-label[Exec label for the sandbox]:SELinux label:_selinux_contexts'
+    '--file-label[File label for temporary sandbox content]:SELinux label:_selinux_contexts'
+    '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"'
     '--help[Print help and exit]'
-    '--version[Print version]'
-    '--args[Parse NUL-separated args from FD]: :'
+    '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]:hostname:'
+    '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"'
+    '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"'
+    '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files'
+    '--mqueue[Mount new mqueue on DEST]:mount point for mqueue:_files -/'
+    '--new-session[Create a new terminal session]'
+    '--perms[Set permissions for next action argument]: :_guard "[0-7]#" "permissions in octal": :->after_perms'
+    '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :'
+    '--proc[Mount new procfs on DEST]:mount point for procfs:_files -/'
+    '--remount-ro[Remount DEST as readonly; does not recursively remount]:mount point to remount read-only:_files'
+    '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files'
+    '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files'
+    '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"'
+    '--setenv[Set an environment variable]:variable to set:_parameters -g "*export*":value of variable: :'
+    '--symlink[Create symlink at DEST with target SRC]:symlink target:_files:symlink to create:_files:'
+    '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"'
+    '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"'
+    '(--clearenv)--unsetenv[Unset an environment variable]:variable to unset:_parameters -g "*export*"'
     '--unshare-all[Unshare every namespace we support by default]'
-    '(--userns --userns2)--unshare-user[Create new user namespace (may be automatically implied if not setuid)]'
-    '--unshare-user-try[Create new user namespace if possible else continue by skipping it]'
+    '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]'
+    '--unshare-cgroup[Create new cgroup namespace]'
     '--unshare-ipc[Create new ipc namespace]'
-    '--unshare-pid[Create new pid namespace]'
     '--unshare-net[Create new network namespace]'
+    '--unshare-pid[Create new pid namespace]'
+    '(--userns --userns2)--unshare-user[Create new user namespace (may be automatically implied if not setuid)]'
+    '--unshare-user-try[Create new user namespace if possible else continue by skipping it]'
     '--unshare-uts[Create new uts namespace]'
-    '--unshare-cgroup[Create new cgroup namespace]'
-    '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]'
     '(--unshare-user)--userns[Use this user namespace (cannot combine with --unshare-user)]: :'
-    '(--unshare-user)--userns2[After setup switch to this user namspace, only useful with --userns]: :'
-    '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :'
-    '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :'
-    '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :'
-    '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :'
-    '--chdir DIR[Change directory to DIR]: : _files -/'
-    '--setenv[Set an environment variable]: :'
-    '--unsetenv[Unset an environment variable]: :'
-    '--lock-file[Take a lock on DEST while sandbox is running]: :'
-    '--sync-fd[Keep this fd open while sandbox is running]: :'
-    '--bind[Bind mount the host path SRC on DEST]: : _files -/ :'
-    '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files -/ :'
-    '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files -/ :'
-    '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]: : _files -/ :'
-    '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files -/ :'
-    '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files -/ :'
-    '--remount-ro[Remount DEST as readonly; does not recursively remount]: :'
-    '--exec-label[Exec label for the sandbox]: :'
-    '--file-label[File label for temporary sandbox content]: :'
-    '--proc[Mount new procfs on DEST]: :'
-    '--dev[Mount new dev on DEST]: :'
-    '--tmpfs[Mount new tmpfs on DEST]: :'
-    '--mqueue[Mount new mqueue on DEST]: :'
-    '--dir[Create dir at DEST]: :'
-    '--file[Copy from FD to destination DEST]: : :'
-    '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :'
-    '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :'
-    '--symlink[Create symlink at DEST with target SRC]: : :'
-    '--seccomp[Load and use seccomp rules from FD]: :'
-    '--block-fd[Block on FD until some data to read is available]: :'
-    '--userns-block-fd[Block on FD until the user namespace is ready]: :'
-    '--info-fd[Write information about the running container to FD]: :'
-    '--json-status-fd[Write container status to FD as multiple JSON documents]: :'
-    '--new-session[Create a new terminal session]'
-    "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]"
-    '--as-pid-1[Do not install a reaper process with PID=1]'
-    '--cap-add[Add cap CAP when running as privileged user]: :->caps'
-    '--cap-drop[Drop cap CAP when running as privileged user]: :->caps'
+    '--userns-block-fd[Block on FD until the user namespace is ready]: :_guard "[0-9]#" "file descriptor to block on"'
+    '(--unshare-user)--userns2[After setup switch to this user namespace, only useful with --userns]: :'
+    '--version[Print version]'
 )
 
-
 _bwrap() {
     _arguments -S $_bwrap_args
     case "$state" in
+        after_perms)
+            _values -S ' ' 'option' $_bwrap_args_after_perms
+            ;;
+
         caps)
             # $ grep -E '#define\sCAP_\w+\s+[0-9]+' /usr/include/linux/capability.h | awk '{print $2}' | xargs echo
             local all_caps=(
diff --git a/configure.ac b/configure.ac
index 3e761a0..33b75cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -66,7 +66,7 @@ else
 fi
 
 
-AC_SUBST([ZSH_COMPLETION_DIR])                                                   
+AC_SUBST([ZSH_COMPLETION_DIR])
 AM_CONDITIONAL([ENABLE_ZSH_COMPLETION], [test "x$with_zsh_completion_dir" != "xno"])
 
 # ------------------------------------------------------------------------------