From: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
Date: Tue, 31 Aug 2021 15:45:51 +0000 (-0300)
Subject: Add `__lxc_get_selinux_contexts()`.
X-Git-Tag: lxc-5.0.0~91^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a33d86d20b041a469c4e6ed437969a0a1c791fc4;p=thirdparty%2Flxc.git

Add `__lxc_get_selinux_contexts()`.

List SElinux contexts available. Not clear if this could be only for
root or if normal user with `sudo` is also supported.

Using `Fedora34` for basic testing.

Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
---

diff --git a/config/bash/lxc.in b/config/bash/lxc.in
index fa82c39fd..e134d82bf 100644
--- a/config/bash/lxc.in
+++ b/config/bash/lxc.in
@@ -239,6 +239,31 @@ __lxc_piped_args() {
     [[ "${#extcompletion[@]}" -gt 1 ]] && compopt -o nospace
 }
 
+__lxc_get_selinux_contexts() {
+    declare -a sepolicies=()
+    local sepolicy
+    # Check for SElinux tool.
+    if ! command -v semanage > /dev/null 2>&1; then
+        return
+    fi
+    # Skip header + following empty line.
+    mapfile -s 2 -t output < <(command semanage fcontext -l 2>/dev/null)
+    local -r none="<<None>>"
+    for line in "${output[@]}"; do
+        if [[ "${line}" =~ "SELinux Distribution fcontext Equivalence" ]]; then
+            break
+        fi
+        read -r -e -a current <<< "${line}"
+        if [[ "${#current[@]}" -gt 0 ]]; then
+            sepolicy="${current[${#current[@]}-1]}"
+            [[ ! "${sepolicy}" =~ ${none} ]] && sepolicies+=("${sepolicy}")
+        fi
+    done
+    # Default context.
+    sepolicies+=("unconfined_u:object_r:default_t:s0")
+    COMPREPLY=( $( compgen -P'"' -S'"' -W "${sepolicies[*]}" -- "${cur}" ) )
+}
+
 _lxc_attach() {
     local cur prev words cword split
     COMPREPLY=()
@@ -292,7 +317,7 @@ _lxc_attach() {
             return
             ;;
         --context | -c )
-            # @TODO: list all SElinux contexts available.
+            __lxc_get_selinux_contexts
             return
             ;;
     esac