Docker has several capabilities enabled by default and some not.
It seems natural to follow this distinction in --cap-add and
--cap-drop.
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 36d8b66cb9aab26bd2552083b786b7a11272d9b9)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
@@ -605,38 +605,25 @@ __docker_complete_local_interfaces() {
|
| 605 | 605 |
COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) ) |
| 606 | 606 |
} |
| 607 | 607 |
|
| 608 |
-__docker_complete_capabilities() {
|
|
| 609 |
- # The list of capabilities is defined in types.go, ALL was added manually. |
|
| 608 |
+# __docker_complete_capabilities_addable completes Linux capabilities which are |
|
| 609 |
+# not granted by default and may be added. |
|
| 610 |
+# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities |
|
| 611 |
+__docker_complete_capabilities_addable() {
|
|
| 610 | 612 |
COMPREPLY=( $( compgen -W " |
| 611 | 613 |
ALL |
| 612 | 614 |
AUDIT_CONTROL |
| 613 |
- AUDIT_WRITE |
|
| 614 |
- AUDIT_READ |
|
| 615 | 615 |
BLOCK_SUSPEND |
| 616 |
- CHOWN |
|
| 617 |
- DAC_OVERRIDE |
|
| 618 | 616 |
DAC_READ_SEARCH |
| 619 |
- FOWNER |
|
| 620 |
- FSETID |
|
| 621 | 617 |
IPC_LOCK |
| 622 | 618 |
IPC_OWNER |
| 623 |
- KILL |
|
| 624 | 619 |
LEASE |
| 625 | 620 |
LINUX_IMMUTABLE |
| 626 | 621 |
MAC_ADMIN |
| 627 | 622 |
MAC_OVERRIDE |
| 628 |
- MKNOD |
|
| 629 | 623 |
NET_ADMIN |
| 630 |
- NET_BIND_SERVICE |
|
| 631 | 624 |
NET_BROADCAST |
| 632 |
- NET_RAW |
|
| 633 |
- SETFCAP |
|
| 634 |
- SETGID |
|
| 635 |
- SETPCAP |
|
| 636 |
- SETUID |
|
| 637 | 625 |
SYS_ADMIN |
| 638 | 626 |
SYS_BOOT |
| 639 |
- SYS_CHROOT |
|
| 640 | 627 |
SYSLOG |
| 641 | 628 |
SYS_MODULE |
| 642 | 629 |
SYS_NICE |
@@ -650,6 +637,29 @@ __docker_complete_capabilities() {
|
| 650 | 650 |
" -- "$cur" ) ) |
| 651 | 651 |
} |
| 652 | 652 |
|
| 653 |
+# __docker_complete_capabilities_droppable completes Linux capability options which are |
|
| 654 |
+# allowed by default and can be dropped. |
|
| 655 |
+# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities |
|
| 656 |
+__docker_complete_capabilities_droppable() {
|
|
| 657 |
+ COMPREPLY=( $( compgen -W " |
|
| 658 |
+ ALL |
|
| 659 |
+ AUDIT_WRITE |
|
| 660 |
+ CHOWN |
|
| 661 |
+ DAC_OVERRIDE |
|
| 662 |
+ FOWNER |
|
| 663 |
+ FSETID |
|
| 664 |
+ KILL |
|
| 665 |
+ MKNOD |
|
| 666 |
+ NET_BIND_SERVICE |
|
| 667 |
+ NET_RAW |
|
| 668 |
+ SETFCAP |
|
| 669 |
+ SETGID |
|
| 670 |
+ SETPCAP |
|
| 671 |
+ SETUID |
|
| 672 |
+ SYS_CHROOT |
|
| 673 |
+ " -- "$cur" ) ) |
|
| 674 |
+} |
|
| 675 |
+ |
|
| 653 | 676 |
__docker_complete_detach-keys() {
|
| 654 | 677 |
case "$prev" in |
| 655 | 678 |
--detach-keys) |
@@ -1538,8 +1548,12 @@ _docker_container_run() {
|
| 1538 | 1538 |
COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) |
| 1539 | 1539 |
return |
| 1540 | 1540 |
;; |
| 1541 |
- --cap-add|--cap-drop) |
|
| 1542 |
- __docker_complete_capabilities |
|
| 1541 |
+ --cap-add) |
|
| 1542 |
+ __docker_complete_capabilities_addable |
|
| 1543 |
+ return |
|
| 1544 |
+ ;; |
|
| 1545 |
+ --cap-drop) |
|
| 1546 |
+ __docker_complete_capabilities_droppable |
|
| 1543 | 1547 |
return |
| 1544 | 1548 |
;; |
| 1545 | 1549 |
--cidfile|--env-file|--init-path|--label-file) |
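Review bot: AUDIT_READ is deleted from the addable list in the second hunk (the `- AUDIT_READ` line following `- AUDIT_WRITE`) but is not carried over into the new __docker_complete_capabilities_droppable list, so after this change it is no longer offered for either --cap-add or --cap-drop. The droppable list is the commit's own enumeration of default-granted capabilities and does not contain AUDIT_READ, so by the commit's classification it belongs with the addable ones; restoring the line `        AUDIT_READ` directly after `        AUDIT_CONTROL` in __docker_complete_capabilities_addable fixes it. That function's body spans the first two hunks, with old lines 643–649 (new 630–636) not shown, and those lines are unchanged context, so the capability does not reappear there. Separately, the daemon presumably still accepts any capability name for both flags, so a one-line comment on each function such as `# Suggestions only; the daemon accepts any capability name for either flag.` would keep readers from assuming the completer enforces the split.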