From 9d3e834525ab82d2953f471ebba9dce57031e652 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:03:30 +0100 Subject: configure.ac: Remove trailing whitespace Signed-off-by: Simon McVittie --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 3e761a0..33b75cf 100644 --- a/configure.ac +++ b/configure.ac @@ -66,7 +66,7 @@ else fi -AC_SUBST([ZSH_COMPLETION_DIR]) +AC_SUBST([ZSH_COMPLETION_DIR]) AM_CONDITIONAL([ENABLE_ZSH_COMPLETION], [test "x$with_zsh_completion_dir" != "xno"]) # ------------------------------------------------------------------------------ -- cgit v1.2.1 From da59325665b38b09cbb3c3c73c7e0030fdef9529 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:06:37 +0100 Subject: zsh: Sort completions in LC_ALL=C order Where the order doesn't matter, a deterministic order minimizes conflicts. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 86 ++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 42 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 88c9b35..5217a75 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -2,57 +2,59 @@ _bwrap_args=( '*::arguments:_normal' - '--help[Print help and exit]' - '--version[Print version]' + + # Please sort alphabetically (in LC_ALL=C order) by option name '--args[Parse NUL-separated args from FD]: :' - '--unshare-all[Unshare every namespace we support by default]' - '(--userns --userns2)--unshare-user[Create new user namespace (may be automatically implied if not setuid)]' - '--unshare-user-try[Create new user namespace if possible else continue by skipping it]' - '--unshare-ipc[Create new ipc namespace]' - '--unshare-pid[Create new pid namespace]' - '--unshare-net[Create new network namespace]' - '--unshare-uts[Create new uts namespace]' - '--unshare-cgroup[Create new cgroup namespace]' - '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]' - '(--unshare-user)--userns[Use this user namespace (cannot combine with --unshare-user)]: :' - '(--unshare-user)--userns2[After setup switch to this user namspace, only useful with --userns]: :' - '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' - '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :' - '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' - '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' - '--chdir DIR[Change directory to DIR]: : _files -/' - '--setenv[Set an environment variable]: :' - '--unsetenv[Unset an environment variable]: :' - '--lock-file[Take a lock on DEST while sandbox is running]: :' - '--sync-fd[Keep this fd open while sandbox is running]: :' - '--bind[Bind mount the host path SRC on DEST]: : _files -/ :' + '--as-pid-1[Do not install a reaper process with PID=1]' + '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :' '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files -/ :' - '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files -/ :' + '--bind[Bind mount the host path SRC on DEST]: : _files -/ :' + '--block-fd[Block on FD until some data to read is available]: :' + '--cap-add[Add cap CAP when running as privileged user]: :->caps' + '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' + '--chdir DIR[Change directory to DIR]: : _files -/' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]: : _files -/ :' - '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files -/ :' - '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files -/ :' - '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' - '--exec-label[Exec label for the sandbox]: :' - '--file-label[File label for temporary sandbox content]: :' - '--proc[Mount new procfs on DEST]: :' + '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files -/ :' '--dev[Mount new dev on DEST]: :' - '--tmpfs[Mount new tmpfs on DEST]: :' - '--mqueue[Mount new mqueue on DEST]: :' + "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" '--dir[Create dir at DEST]: :' + '--exec-label[Exec label for the sandbox]: :' + '--file-label[File label for temporary sandbox content]: :' '--file[Copy from FD to destination DEST]: : :' - '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :' - '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :' - '--symlink[Create symlink at DEST with target SRC]: : :' - '--seccomp[Load and use seccomp rules from FD]: :' - '--block-fd[Block on FD until some data to read is available]: :' - '--userns-block-fd[Block on FD until the user namespace is ready]: :' + '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' + '--help[Print help and exit]' + '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' '--info-fd[Write information about the running container to FD]: :' '--json-status-fd[Write container status to FD as multiple JSON documents]: :' + '--lock-file[Take a lock on DEST while sandbox is running]: :' + '--mqueue[Mount new mqueue on DEST]: :' '--new-session[Create a new terminal session]' - "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" - '--as-pid-1[Do not install a reaper process with PID=1]' - '--cap-add[Add cap CAP when running as privileged user]: :->caps' - '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' + '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' + '--proc[Mount new procfs on DEST]: :' + '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' + '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :' + '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files -/ :' + '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files -/ :' + '--seccomp[Load and use seccomp rules from FD]: :' + '--setenv[Set an environment variable]: :' + '--symlink[Create symlink at DEST with target SRC]: : :' + '--sync-fd[Keep this fd open while sandbox is running]: :' + '--tmpfs[Mount new tmpfs on DEST]: :' + '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :' + '--unsetenv[Unset an environment variable]: :' + '--unshare-all[Unshare every namespace we support by default]' + '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]' + '--unshare-cgroup[Create new cgroup namespace]' + '--unshare-ipc[Create new ipc namespace]' + '--unshare-net[Create new network namespace]' + '--unshare-pid[Create new pid namespace]' + '(--userns --userns2)--unshare-user[Create new user namespace (may be automatically implied if not setuid)]' + '--unshare-user-try[Create new user namespace if possible else continue by skipping it]' + '--unshare-uts[Create new uts namespace]' + '(--unshare-user)--userns[Use this user namespace (cannot combine with --unshare-user)]: :' + '--userns-block-fd[Block on FD until the user namespace is ready]: :' + '(--unshare-user)--userns2[After setup switch to this user namspace, only useful with --userns]: :' + '--version[Print version]' ) -- cgit v1.2.1 From 2e70a23f587a87d91ccee0e613b9d01c6f4bb94f Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:07:55 +0100 Subject: zsh: Don't limit --bind options to completing directories You can mount a non-directory onto a non-directory. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 5217a75..b6b2369 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -7,14 +7,14 @@ _bwrap_args=( '--args[Parse NUL-separated args from FD]: :' '--as-pid-1[Do not install a reaper process with PID=1]' '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :' - '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files -/ :' - '--bind[Bind mount the host path SRC on DEST]: : _files -/ :' + '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files :' + '--bind[Bind mount the host path SRC on DEST]: : _files :' '--block-fd[Block on FD until some data to read is available]: :' '--cap-add[Add cap CAP when running as privileged user]: :->caps' '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' '--chdir DIR[Change directory to DIR]: : _files -/' - '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]: : _files -/ :' - '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files -/ :' + '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]: : _files :' + '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files :' '--dev[Mount new dev on DEST]: :' "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" '--dir[Create dir at DEST]: :' @@ -33,8 +33,8 @@ _bwrap_args=( '--proc[Mount new procfs on DEST]: :' '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :' - '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files -/ :' - '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files -/ :' + '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files :' + '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files :' '--seccomp[Load and use seccomp rules from FD]: :' '--setenv[Set an environment variable]: :' '--symlink[Create symlink at DEST with target SRC]: : :' -- cgit v1.2.1 From 70fce370c0acdb418629b4bf81d2558126ec452f Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:13:10 +0100 Subject: zsh: Improve completions for simple fd-based arguments This pattern accepts a decimal integer and gives it a label. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index b6b2369..d6a8488 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -4,12 +4,12 @@ _bwrap_args=( '*::arguments:_normal' # Please sort alphabetically (in LC_ALL=C order) by option name - '--args[Parse NUL-separated args from FD]: :' + '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"' '--as-pid-1[Do not install a reaper process with PID=1]' '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :' '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files :' '--bind[Bind mount the host path SRC on DEST]: : _files :' - '--block-fd[Block on FD until some data to read is available]: :' + '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' '--cap-add[Add cap CAP when running as privileged user]: :->caps' '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' '--chdir DIR[Change directory to DIR]: : _files -/' @@ -24,8 +24,8 @@ _bwrap_args=( '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' '--help[Print help and exit]' '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' - '--info-fd[Write information about the running container to FD]: :' - '--json-status-fd[Write container status to FD as multiple JSON documents]: :' + '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"' + '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"' '--lock-file[Take a lock on DEST while sandbox is running]: :' '--mqueue[Mount new mqueue on DEST]: :' '--new-session[Create a new terminal session]' @@ -35,10 +35,10 @@ _bwrap_args=( '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :' '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files :' '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files :' - '--seccomp[Load and use seccomp rules from FD]: :' + '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' '--setenv[Set an environment variable]: :' '--symlink[Create symlink at DEST with target SRC]: : :' - '--sync-fd[Keep this fd open while sandbox is running]: :' + '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]: :' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :' '--unsetenv[Unset an environment variable]: :' @@ -52,7 +52,7 @@ _bwrap_args=( '--unshare-user-try[Create new user namespace if possible else continue by skipping it]' '--unshare-uts[Create new uts namespace]' '(--unshare-user)--userns[Use this user namespace (cannot combine with --unshare-user)]: :' - '--userns-block-fd[Block on FD until the user namespace is ready]: :' + '--userns-block-fd[Block on FD until the user namespace is ready]: :_guard "[0-9]#" "file descriptor to block on"' '(--unshare-user)--userns2[After setup switch to this user namspace, only useful with --userns]: :' '--version[Print version]' ) -- cgit v1.2.1 From 737e2467e47c17e4150edc5939edcf922d784b67 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:15:11 +0100 Subject: zsh: Complete --file and friends as taking two arguments After the option itself, subsequent colon-delimited pairs represent a label for the first argument (unused if using _guard), a completion action for the first argument, a label for the second argument, a completion action for the second argument and so on. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index d6a8488..4cd3b8f 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -6,7 +6,7 @@ _bwrap_args=( # Please sort alphabetically (in LC_ALL=C order) by option name '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"' '--as-pid-1[Do not install a reaper process with PID=1]' - '--bind-data[Copy from FD to file which is bind-mounted on DEST]: : :' + '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files' '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files :' '--bind[Bind mount the host path SRC on DEST]: : _files :' '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' @@ -20,7 +20,7 @@ _bwrap_args=( '--dir[Create dir at DEST]: :' '--exec-label[Exec label for the sandbox]: :' '--file-label[File label for temporary sandbox content]: :' - '--file[Copy from FD to destination DEST]: : :' + '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' '--help[Print help and exit]' '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' @@ -32,7 +32,7 @@ _bwrap_args=( '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' '--proc[Mount new procfs on DEST]: :' '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' - '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: : :' + '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files :' '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files :' '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' -- cgit v1.2.1 From c62a94639cbead52295ad034a20aed7b4aa13eb5 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:16:37 +0100 Subject: zsh: Complete --bind, etc. as taking two paths as arguments Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 4cd3b8f..caa45ce 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -7,14 +7,14 @@ _bwrap_args=( '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"' '--as-pid-1[Do not install a reaper process with PID=1]' '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files' - '--bind-try[Equal to --bind but ignores non-existent SRC]: : _files :' - '--bind[Bind mount the host path SRC on DEST]: : _files :' + '--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files' + '--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files' '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' '--cap-add[Add cap CAP when running as privileged user]: :->caps' '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' '--chdir DIR[Change directory to DIR]: : _files -/' - '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]: : _files :' - '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]: : _files :' + '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' + '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]: :' "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" '--dir[Create dir at DEST]: :' @@ -33,8 +33,8 @@ _bwrap_args=( '--proc[Mount new procfs on DEST]: :' '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' - '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]: : _files :' - '--ro-bind[Bind mount the host path SRC readonly on DEST]: : _files :' + '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files' + '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files' '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' '--setenv[Set an environment variable]: :' '--symlink[Create symlink at DEST with target SRC]: : :' -- cgit v1.2.1 From b11a2d0ebece7f6a3b2ec7bf62fff351a238da7b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:19:36 +0100 Subject: zsh: Complete --dev, --dir etc. as directories The argument is a directory inside the container, but it seems reasonable to assume that directories that exist outside the container are likely candidates for wanting to create inside the container. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index caa45ce..7e68795 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -15,9 +15,9 @@ _bwrap_args=( '--chdir DIR[Change directory to DIR]: : _files -/' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' - '--dev[Mount new dev on DEST]: :' + '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" - '--dir[Create dir at DEST]: :' + '--dir[Create dir at DEST]:directory to create:_files -/' '--exec-label[Exec label for the sandbox]: :' '--file-label[File label for temporary sandbox content]: :' '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' @@ -27,10 +27,10 @@ _bwrap_args=( '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"' '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"' '--lock-file[Take a lock on DEST while sandbox is running]: :' - '--mqueue[Mount new mqueue on DEST]: :' + '--mqueue[Mount new mqueue on DEST]:mount point for mqueue:_files -/' '--new-session[Create a new terminal session]' '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' - '--proc[Mount new procfs on DEST]: :' + '--proc[Mount new procfs on DEST]:mount point for procfs:_files -/' '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files' @@ -39,7 +39,7 @@ _bwrap_args=( '--setenv[Set an environment variable]: :' '--symlink[Create symlink at DEST with target SRC]: : :' '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' - '--tmpfs[Mount new tmpfs on DEST]: :' + '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :' '--unsetenv[Unset an environment variable]: :' '--unshare-all[Unshare every namespace we support by default]' -- cgit v1.2.1 From f1a3a490e0bb9eb8ab1ff2f187b1e1d388b080c7 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:21:42 +0100 Subject: zsh: Complete --file-label, --exec-label with SELinux contexts This is as used in the completions for chcon(1). Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 7e68795..06ff5c9 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -18,8 +18,8 @@ _bwrap_args=( '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" '--dir[Create dir at DEST]:directory to create:_files -/' - '--exec-label[Exec label for the sandbox]: :' - '--file-label[File label for temporary sandbox content]: :' + '--exec-label[Exec label for the sandbox]:SELinux label:_selinux_contexts' + '--file-label[File label for temporary sandbox content]:SELinux label:_selinux_contexts' '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' '--help[Print help and exit]' -- cgit v1.2.1 From c5ad19e805e706372787bcdaed2126779cefdee2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:23:37 +0100 Subject: zsh: Complete --uid, --gid as integers Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 06ff5c9..297e505 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -21,7 +21,7 @@ _bwrap_args=( '--exec-label[Exec label for the sandbox]:SELinux label:_selinux_contexts' '--file-label[File label for temporary sandbox content]:SELinux label:_selinux_contexts' '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' - '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :' + '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' '--help[Print help and exit]' '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"' @@ -40,7 +40,7 @@ _bwrap_args=( '--symlink[Create symlink at DEST with target SRC]: : :' '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' - '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :' + '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' '--unsetenv[Unset an environment variable]: :' '--unshare-all[Unshare every namespace we support by default]' '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]' -- cgit v1.2.1 From a2b8db7a641e308d261678025ba4e3a24076c83a Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:24:17 +0100 Subject: zsh: Complete --unsetenv like env -u Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 297e505..68179af 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -41,7 +41,7 @@ _bwrap_args=( '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' - '--unsetenv[Unset an environment variable]: :' + '--unsetenv[Unset an environment variable]:variable to unset:_parameters -g "*export*"' '--unshare-all[Unshare every namespace we support by default]' '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]' '--unshare-cgroup[Create new cgroup namespace]' -- cgit v1.2.1 From f80bd906e2bc39023650162e57bf86688ca68490 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:25:19 +0100 Subject: zsh: Complete --setenv as an environment variable followed by any string Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 68179af..2d65c99 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -36,7 +36,7 @@ _bwrap_args=( '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files' '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files' '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' - '--setenv[Set an environment variable]: :' + '--setenv[Set an environment variable]:variable to set:_parameters -g "*export*":value of variable: :' '--symlink[Create symlink at DEST with target SRC]: : :' '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' -- cgit v1.2.1 From 6da9dbf0808e438819e197032ae4e5a716f4778e Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:25:42 +0100 Subject: zsh: Fix a typo in a help message Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 2d65c99..c24220b 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -53,7 +53,7 @@ _bwrap_args=( '--unshare-uts[Create new uts namespace]' '(--unshare-user)--userns[Use this user namespace (cannot combine with --unshare-user)]: :' '--userns-block-fd[Block on FD until the user namespace is ready]: :_guard "[0-9]#" "file descriptor to block on"' - '(--unshare-user)--userns2[After setup switch to this user namspace, only useful with --userns]: :' + '(--unshare-user)--userns2[After setup switch to this user namespace, only useful with --userns]: :' '--version[Print version]' ) -- cgit v1.2.1 From 3fc8b4069f1c4f88450f0ec2380278206ec11665 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:27:55 +0100 Subject: zsh: Complete --symlink as having two file arguments Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index c24220b..3697091 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -37,7 +37,7 @@ _bwrap_args=( '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files' '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' '--setenv[Set an environment variable]:variable to set:_parameters -g "*export*":value of variable: :' - '--symlink[Create symlink at DEST with target SRC]: : :' + '--symlink[Create symlink at DEST with target SRC]:symlink target:_files:symlink to create:_files:' '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' -- cgit v1.2.1 From b74775df8a783ffe91940fe516f08f29f3d38736 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:28:57 +0100 Subject: zsh: Complete --remount-ro as taking a path Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 3697091..12b89cc 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -31,7 +31,7 @@ _bwrap_args=( '--new-session[Create a new terminal session]' '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' '--proc[Mount new procfs on DEST]:mount point for procfs:_files -/' - '--remount-ro[Remount DEST as readonly; does not recursively remount]: :' + '--remount-ro[Remount DEST as readonly; does not recursively remount]:mount point to remount read-only:_files' '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files' '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files' -- cgit v1.2.1 From 6a21612e6028d521f43d52b54dabea113238590d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:29:21 +0100 Subject: zsh: Complete --lock-file as taking a path Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 12b89cc..4f7b8a4 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -26,7 +26,7 @@ _bwrap_args=( '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"' '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"' - '--lock-file[Take a lock on DEST while sandbox is running]: :' + '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files' '--mqueue[Mount new mqueue on DEST]:mount point for mqueue:_files -/' '--new-session[Create a new terminal session]' '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' -- cgit v1.2.1 From ceea5509e3ae75ca1ad35564d4fbca7359f238d1 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:30:24 +0100 Subject: zsh: Label more arguments Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 4f7b8a4..58c6957 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -10,9 +10,9 @@ _bwrap_args=( '--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files' '--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files' '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' - '--cap-add[Add cap CAP when running as privileged user]: :->caps' - '--cap-drop[Drop cap CAP when running as privileged user]: :->caps' - '--chdir DIR[Change directory to DIR]: : _files -/' + '--cap-add[Add cap CAP when running as privileged user]:capability to add:->caps' + '--cap-drop[Drop cap CAP when running as privileged user]:capability to add:->caps' + '--chdir DIR[Change directory to DIR]:working directory for sandbox: _files -/' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' @@ -23,7 +23,7 @@ _bwrap_args=( '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' '--help[Print help and exit]' - '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]: :' + '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]:hostname:' '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"' '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"' '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files' -- cgit v1.2.1 From 1bff67d1715e320906583c6da7362a0ad5b4d78b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:30:55 +0100 Subject: zsh: Complete --chdir as --chdir, not as --chdir DIR Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 58c6957..9781d7a 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -12,7 +12,7 @@ _bwrap_args=( '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' '--cap-add[Add cap CAP when running as privileged user]:capability to add:->caps' '--cap-drop[Drop cap CAP when running as privileged user]:capability to add:->caps' - '--chdir DIR[Change directory to DIR]:working directory for sandbox: _files -/' + '--chdir[Change directory to DIR]:working directory for sandbox: _files -/' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' -- cgit v1.2.1 From f017ad6d1e77870bd5eb5fb2a06775d79b338fb9 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:31:58 +0100 Subject: zsh: Add completion for --chmod Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 1 + 1 file changed, 1 insertion(+) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 9781d7a..0c8992e 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -13,6 +13,7 @@ _bwrap_args=( '--cap-add[Add cap CAP when running as privileged user]:capability to add:->caps' '--cap-drop[Drop cap CAP when running as privileged user]:capability to add:->caps' '--chdir[Change directory to DIR]:working directory for sandbox: _files -/' + '--chmod[Set permissions]: :_guard "[0-7]#" "permissions in octal":path to set permissions:_files' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' -- cgit v1.2.1 From 4142eaab902487e25240832b4def0c0399adbb44 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:32:41 +0100 Subject: zsh: Add completion for --perms Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 1 + 1 file changed, 1 insertion(+) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 0c8992e..a3211b9 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -30,6 +30,7 @@ _bwrap_args=( '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files' '--mqueue[Mount new mqueue on DEST]:mount point for mqueue:_files -/' '--new-session[Create a new terminal session]' + '--perms[Set permissions for next action argument]: :_guard "[0-7]#" "permissions in octal"' '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' '--proc[Mount new procfs on DEST]:mount point for procfs:_files -/' '--remount-ro[Remount DEST as readonly; does not recursively remount]:mount point to remount read-only:_files' -- cgit v1.2.1 From 7571c022540cb94c14a2bb9e8bfffbfdbfc71661 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:33:40 +0100 Subject: zsh: Add completion for --clearenv Also don't offer --unsetenv as a completion after --clearenv: it would be redundant. Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index a3211b9..d512506 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -14,6 +14,7 @@ _bwrap_args=( '--cap-drop[Drop cap CAP when running as privileged user]:capability to add:->caps' '--chdir[Change directory to DIR]:working directory for sandbox: _files -/' '--chmod[Set permissions]: :_guard "[0-7]#" "permissions in octal":path to set permissions:_files' + '--clearenv[Unset all environment variables]' '--dev-bind-try[Equal to --dev-bind but ignores non-existent SRC]:source:_files:destination:_files' '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' @@ -43,7 +44,7 @@ _bwrap_args=( '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' - '--unsetenv[Unset an environment variable]:variable to unset:_parameters -g "*export*"' + '(--clearenv)--unsetenv[Unset an environment variable]:variable to unset:_parameters -g "*export*"' '--unshare-all[Unshare every namespace we support by default]' '--unshare-cgroup-try[Create new cgroup namespace if possible else continue by skipping it]' '--unshare-cgroup[Create new cgroup namespace]' -- cgit v1.2.1 From 05b26397429bfb1b9834ea81f885b72c33c6dd14 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 24 Jun 2021 10:42:29 +0100 Subject: zsh: After completing --perms, only accept appropriate options Signed-off-by: Simon McVittie --- completions/zsh/_bwrap | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index d512506..5a9d2fd 100755 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -1,12 +1,21 @@ #compdef bwrap +_bwrap_args_after_perms=( + # Please sort alphabetically (in LC_ALL=C order) by option name + '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files' + '--dir[Create dir at DEST]:directory to create:_files -/' + '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' + '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' + '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' +) + _bwrap_args=( '*::arguments:_normal' + $_bwrap_args_after_perms # Please sort alphabetically (in LC_ALL=C order) by option name '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"' '--as-pid-1[Do not install a reaper process with PID=1]' - '--bind-data[Copy from FD to file which is bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content":destination:_files' '--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files' '--bind[Bind mount the host path SRC on DEST]:source:_files:destination:_files' '--block-fd[Block on FD until some data to read is available]: :_guard "[0-9]#" "file descriptor to block on"' @@ -19,10 +28,8 @@ _bwrap_args=( '--dev-bind[Bind mount the host path SRC on DEST, allowing device access]:source:_files:destination:_files' '--dev[Mount new dev on DEST]:mount point for /dev:_files -/' "--die-with-parent[Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.]" - '--dir[Create dir at DEST]:directory to create:_files -/' '--exec-label[Exec label for the sandbox]:SELinux label:_selinux_contexts' '--file-label[File label for temporary sandbox content]:SELinux label:_selinux_contexts' - '--file[Copy from FD to destination DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' '--help[Print help and exit]' '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]:hostname:' @@ -31,18 +38,16 @@ _bwrap_args=( '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files' '--mqueue[Mount new mqueue on DEST]:mount point for mqueue:_files -/' '--new-session[Create a new terminal session]' - '--perms[Set permissions for next action argument]: :_guard "[0-7]#" "permissions in octal"' + '--perms[Set permissions for next action argument]: :_guard "[0-7]#" "permissions in octal": :->after_perms' '--pidns[Use this user namespace (as parent namespace if using --unshare-pid)]: :' '--proc[Mount new procfs on DEST]:mount point for procfs:_files -/' '--remount-ro[Remount DEST as readonly; does not recursively remount]:mount point to remount read-only:_files' - '--ro-bind-data[Copy from FD to file which is readonly bind-mounted on DEST]: :_guard "[0-9]#" "file descriptor to read content from":destination:_files' '--ro-bind-try[Equal to --ro-bind but ignores non-existent SRC]:source:_files:destination:_files' '--ro-bind[Bind mount the host path SRC readonly on DEST]:source:_files:destination:_files' '--seccomp[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' '--setenv[Set an environment variable]:variable to set:_parameters -g "*export*":value of variable: :' '--symlink[Create symlink at DEST with target SRC]:symlink target:_files:symlink to create:_files:' '--sync-fd[Keep this fd open while sandbox is running]: :_guard "[0-9]#" "file descriptor to keep open"' - '--tmpfs[Mount new tmpfs on DEST]:mount point for tmpfs:_files -/' '--uid[Custom uid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"' '(--clearenv)--unsetenv[Unset an environment variable]:variable to unset:_parameters -g "*export*"' '--unshare-all[Unshare every namespace we support by default]' @@ -60,10 +65,13 @@ _bwrap_args=( '--version[Print version]' ) - _bwrap() { _arguments -S $_bwrap_args case "$state" in + after_perms) + _values -S ' ' 'option' $_bwrap_args_after_perms + ;; + caps) # $ grep -E '#define\sCAP_\w+\s+[0-9]+' /usr/include/linux/capability.h | awk '{print $2}' | xargs echo local all_caps=( -- cgit v1.2.1