diff --git a/share/completions/firejail.fish b/share/completions/firejail.fish new file mode 100644 index 000000000..d80645107 --- /dev/null +++ b/share/completions/firejail.fish @@ -0,0 +1,55 @@ +function __fish_firejail_profiles + path basename -- /etc/firejail/*.profile ~/.config/firejail/*.profile +end + +function __fish_firejail_complete_sandboxes + firejail --list | string replace -rf -- '([^:]+):([^:]+):([^:]+):(.*)' '$1\t$3: $4 ($2)\n$3\t$1: $4 ($2)' +end + +complete -c firejail -f +complete -c firejail -l help -d 'Show help and exit' +complete -c firejail -l version -d 'Show version and exit' +complete -c firejail -l debug -d 'Print debug info' +complete -c firejail -l debug-blacklists -d 'Debug blacklisting' +complete -c firejail -l debug-whitelists -d 'Debug whitelisting' +complete -c firejail -l debug-caps -d 'Print known capabilities and exit' +complete -c firejail -l debug-errnos -d 'Print known error numbers and exit' +complete -c firejail -l debug-private-lib -d 'Debug --private-lib' +complete -c firejail -l debug-protocols -d 'Print known protocols and exit' +complete -c firejail -l debug-syscalls -d 'Print known syscalls and exit' +complete -c firejail -l debug-syscalls32 -d 'Print known 32-bit syscalls and exit' +complete -c firejail -l list -d 'List all sandboxes' +complete -c firejail -l tree -d 'Print a tree of all sandboxes' +complete -c firejail -l top -d 'Monitor sandboxes (like `top`)' +complete -c firejail -l shutdown -d 'Show help and exit' + +# Profiles +# Note: firejail's option parsing is weird and *requires* the --foo=bar form +# So we don't use -r +complete -c firejail -l profiles -d 'Load a custom security profile' -a '(__fish_firejail_profiles)' + +# Sandboxes +complete -c firejail -l join -d 'Join existing sandbox' -a '(__fish_firejail_complete_sandboxes)' + +# Files +complete -c firejail -l hosts-file -d 'Show help and exit' -a '(__fish_firejail_profiles)' + +# directory +complete -c firejail -l chroot -d 'Chroot into this directory' -a '(__fish_complete_directories)' +complete -c firejail -l tmpfs -d 'Mount tmpfs into sandbox' -a '(__fish_complete_directories)' +complete -c firejail -l blacklist -d 'Blacklist dir or file' -F +complete -c firejail -l noblacklist -d 'Disable blacklist for dir or file' -F +complete -c firejail -l whitelist -d 'Whitelist dir or file' -F +complete -c firejail -l nowhitelist -d 'Disable whitelist for dir or file' -F +complete -c firejail -l read-only -d 'Set dir or file read-only' -F +complete -c firejail -l read-write -d 'Set dir or file read-write' -F +# TODO: Comma-separated ("/etc/foo,/usr/etc/foo" bind-mounts /etc/foo on /usr/etc/foo) +complete -c firejail -l bind -d 'Bind-mount file on top of another' -F +complete -c firejail -l private -d 'Mount temporary home directories and delete on exit' -F +complete -c firejail -l netfilter -d 'Enable firewall given by this file' -F + +# Interfaces +complete -c firejail -l net -d 'Enable network namespace connected to this interface' -a '(__fish_print_interfaces)' + +# Commands +complete -c firejail -a '(__fish_complete_subcommand)'