From 0f97c7c721df5f5f8dc6c479fbd68b155dbcc7c9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ed=C3=AAnis=20Freindorfer=20Azevedo?= Date: Tue, 31 Aug 2021 12:45:51 -0300 Subject: [PATCH] Add `__lxc_get_selinux_contexts()`. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit List SElinux contexts available. Not clear if this could be only for root or if normal user with `sudo` is also supported. Using `Fedora34` for basic testing. Signed-off-by: Edênis Freindorfer Azevedo --- config/bash/lxc.in | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/config/bash/lxc.in b/config/bash/lxc.in index fa82c39fd..e134d82bf 100644 --- a/config/bash/lxc.in +++ b/config/bash/lxc.in @@ -239,6 +239,31 @@ __lxc_piped_args() { [[ "${#extcompletion[@]}" -gt 1 ]] && compopt -o nospace } +__lxc_get_selinux_contexts() { + declare -a sepolicies=() + local sepolicy + # Check for SElinux tool. + if ! command -v semanage > /dev/null 2>&1; then + return + fi + # Skip header + following empty line. + mapfile -s 2 -t output < <(command semanage fcontext -l 2>/dev/null) + local -r none="<>" + for line in "${output[@]}"; do + if [[ "${line}" =~ "SELinux Distribution fcontext Equivalence" ]]; then + break + fi + read -r -e -a current <<< "${line}" + if [[ "${#current[@]}" -gt 0 ]]; then + sepolicy="${current[${#current[@]}-1]}" + [[ ! "${sepolicy}" =~ ${none} ]] && sepolicies+=("${sepolicy}") + fi + done + # Default context. + sepolicies+=("unconfined_u:object_r:default_t:s0") + COMPREPLY=( $( compgen -P'"' -S'"' -W "${sepolicies[*]}" -- "${cur}" ) ) +} + _lxc_attach() { local cur prev words cword split COMPREPLY=() @@ -292,7 +317,7 @@ _lxc_attach() { return ;; --context | -c ) - # @TODO: list all SElinux contexts available. + __lxc_get_selinux_contexts return ;; esac -- 2.47.2