Re: [PATCH bpf-next] bpftool: bash-completion: Add nopasswd sudo prefix for bpftool

From: Quentin Monnet
Date: Wed Feb 12 2025 - 06:00:46 EST


2025-02-12 18:14 UTC+0800 ~ Rong Tao <rtoax@xxxxxxxxxxx>
> From: Rong Tao <rongtao@xxxxxxxx>
>
> In the bpftool script of bash-completion, many bpftool commands require
> superuser privileges to execute. Otherwise, Operation not permission will
> be displayed. Here, we check whether ordinary users are exempt from
> entering the sudo password. If so, we need to add the sudo prefix to the
> bpftool command to be executed. In this way, we can obtain the correct
> command completion content instead of the wrong one.
>
> For example, when updating array_of_maps, the wrong 'hex' is completed:
>
> $ sudo bpftool map update name arr_maps key 0 0 0 0 value [tab]
> $ sudo bpftool map update name arr_maps key 0 0 0 0 value hex
>
> However, what we need is "id name pinned". Similarly, there is the same
> problem in getting the map 'name' and 'id':
>
> $ sudo bpftool map show name [tab] < get nothing
> $ sudo bpftool map show id [tab] < get nothing
>
> This commit fixes the issue.
>
> $ sudo bpftool map update name arr_maps key 0 0 0 0 value [tab]
> id name pinned
>
> $ sudo bpftool map show name
> arr_maps cgroup_hash inner_arr1 inner_arr2
>
> $ sudo bpftool map show id
> 11 1383 4091 4096
>
> Signed-off-by: Rong Tao <rongtao@xxxxxxxx>

Hi, thanks for the patch.

I agree it's annoying to have a partially-working completion for
non-root users, however, I don't feel very comfortable introducing calls
to "sudo" in bash completion, without the user noticing. For what it's
worth, I searched other bash completion files (from
https://github.com/scop/bash-completion/) and I can't find any of them
running sudo to help complete commands, so it doesn't seem to be
something usual in completion. I think I'd rather keep the current state
(or fix the first example to have the right keywords displayed but
without running sudo).

Quentin