(command.CommandList children: [ (C {<Id.KW_Set set>} {<-e>}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [8] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:possibleConfigs) op: assign_op.Equal rhs: { (sh_array_literal left: <Id.Op_LParen _> words: [ {(SQ <'/proc/config.gz'>)} { (DQ <'/boot/config-'> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<uname>} {<-r>}) ) ) } { (DQ <'/usr/src/linux-'> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<uname>} {<-r>}) ) <'/.config'> ) } {(SQ <'/usr/src/linux/.config'>)} ] ) } spids: [19] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {($ Id.VSub_Pound '$#')} {<-gt>} {<0>} {<Id.Lit_RBracket ']'>}) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CONFIG) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$1'))} spids: [72] ) ] ) ] spids: [56 69] ) ] else_action: [ (C {<Id.Lit_Colon ':'>} { (braced_var_sub token: <Id.VSub_Name CONFIG> suffix_op: (suffix_op.Unary op_id: Id.VTest_ColonEquals arg_word: { (DQ (braced_var_sub token: <Id.VSub_Name possibleConfigs> bracket_op: (bracket_op.ArrayIndex expr:{<Id.Lit_Digits 0>}) ) ) } ) ) } ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (command.Simple words: [{<command>} {<-v>} {<zgrep>}] redirects: [ (redir op: <Id.Redir_AndGreat '&>'> loc: (redir_loc.Fd fd:1) arg: {<'/dev/null'>} ) ] do_fork: T ) ] negated: T ) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShFunction name: zgrep body: (BraceGroup children: [ (command.Pipeline children: [ (C {<zcat>} {(DQ ($ Id.VSub_Number '$2'))}) (C {<grep>} {(DQ ($ Id.VSub_Number '$1'))}) ] negated: F ) ] ) ) ] spids: [98 113] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:kernelVersion) op: assign_op.Equal rhs: {(DQ (command_sub left_token:<Id.Left_DollarParen '$('> child:(C {<uname>} {<-r>})))} spids: [143] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:kernelMajor) op: assign_op.Equal rhs: { (DQ (braced_var_sub token: <Id.VSub_Name kernelVersion> suffix_op: (suffix_op.Unary op_id:Id.VOp1_DPercent arg_word:{<'.*'>}) ) ) } spids: [152] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:kernelMinor) op: assign_op.Equal rhs: { (DQ (braced_var_sub token: <Id.VSub_Name kernelVersion> suffix_op: (suffix_op.Unary op_id: Id.VOp1_Pound arg_word: {($ Id.VSub_DollarName '$kernelMajor') <.>} ) ) ) } spids: [161] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:kernelMinor) op: assign_op.Equal rhs: { (DQ (braced_var_sub token: <Id.VSub_Name kernelMinor> suffix_op: (suffix_op.Unary op_id:Id.VOp1_DPercent arg_word:{<'.*'>}) ) ) } spids: [171] ) ] ) (command.ShFunction name: is_set body: (BraceGroup children: [ (command.Simple words: [ {<zgrep>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1') <'=[y|m]'>)} {(DQ ($ Id.VSub_DollarName '$CONFIG'))} ] redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})] do_fork: T ) ] ) ) (command.ShFunction name: is_set_in_kernel body: (BraceGroup children: [ (command.Simple words: [ {<zgrep>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1') <'=y'>)} {(DQ ($ Id.VSub_DollarName '$CONFIG'))} ] redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})] do_fork: T ) ] ) ) (command.ShFunction name: is_set_as_module body: (BraceGroup children: [ (command.Simple words: [ {<zgrep>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1') <'=m'>)} {(DQ ($ Id.VSub_DollarName '$CONFIG'))} ] redirects: [(redir op:<Id.Redir_Great '>'> loc:(redir_loc.Fd fd:1) arg:{<'/dev/null'>})] do_fork: T ) ] ) ) (command.ShFunction name: color body: (BraceGroup children: [ (C {<local>} {<Id.Lit_VarLike 'codes='> (sh_array_literal left:<Id.Op_LParen _>)}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_Number '$1'))} {<Id.Lit_Equals '='>} {(SQ <bold>)} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:codes) op: assign_op.Equal rhs: { (sh_array_literal left: <Id.Op_LParen _> words: [ { (DQ (braced_var_sub token: <Id.VSub_Name codes> bracket_op: (bracket_op.WholeArray op_id:Id.Lit_At) ) ) } {(SQ <1>)} ] ) } spids: [291] ) ] ) (C {<shift>}) ] spids: [271 288] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_Pound '$#'))} {<-gt>} {<0>} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<local>} {<Id.Lit_VarLike 'code='>}) (command.Case to_match: {(DQ ($ Id.VSub_Number '$1'))} arms: [ (case_arm pat_list: [{<black>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<30>} spids: [355] ) ] ) ] spids: [352 353 358 -1] ) (case_arm pat_list: [{<red>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<31>} spids: [364] ) ] ) ] spids: [361 362 367 -1] ) (case_arm pat_list: [{<green>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<32>} spids: [373] ) ] ) ] spids: [370 371 376 -1] ) (case_arm pat_list: [{<yellow>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<33>} spids: [382] ) ] ) ] spids: [379 380 385 -1] ) (case_arm pat_list: [{<blue>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<34>} spids: [391] ) ] ) ] spids: [388 389 394 -1] ) (case_arm pat_list: [{<magenta>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<35>} spids: [400] ) ] ) ] spids: [397 398 403 -1] ) (case_arm pat_list: [{<cyan>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<36>} spids: [409] ) ] ) ] spids: [406 407 412 -1] ) (case_arm pat_list: [{<white>}] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:code) op: assign_op.Equal rhs: {<37>} spids: [418] ) ] ) ] spids: [415 416 421 -1] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$code'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:codes) op: assign_op.Equal rhs: { (sh_array_literal left: <Id.Op_LParen _> words: [ { (DQ (braced_var_sub token: <Id.VSub_Name codes> bracket_op: (bracket_op.WholeArray op_id:Id.Lit_At) ) ) } {(DQ ($ Id.VSub_DollarName '$code'))} ] ) } spids: [441] ) ] ) ] spids: [427 438] ) ] ) ] spids: [316 331] ) ] ) (C {<local>} {<Id.Lit_VarLike 'IFS='> (SQ <';'>)}) (C {<echo>} {<-en>} {(SQ <'\\033['>) (DQ (braced_var_sub token: <Id.VSub_Name codes> bracket_op: (bracket_op.WholeArray op_id:Id.Arith_Star) ) ) (SQ <m>) } ) ] ) ) (command.ShFunction name: wrap_color body: (BraceGroup children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:text) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_Number '$1'))} spids: [502] ) ] ) (C {<shift>}) (C {<color>} {(DQ ($ Id.VSub_At '$@'))}) (C {<echo>} {<-n>} {(DQ ($ Id.VSub_DollarName '$text'))}) (C {<color>} {<reset>}) (C {<echo>}) ] ) ) (command.ShFunction name: wrap_good body: (BraceGroup children: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(DQ ($ Id.VSub_Number '$1'))} {<white>}) ) <': '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(DQ ($ Id.VSub_Number '$2'))} {<green>}) ) ) } ) ] ) ) (command.ShFunction name: wrap_bad body: (BraceGroup children: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(DQ ($ Id.VSub_Number '$1'))} {<bold>}) ) <': '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(DQ ($ Id.VSub_Number '$2'))} {<bold>} {<red>}) ) ) } ) ] ) ) (command.ShFunction name: wrap_warning body: (BraceGroup children: [ (command.Simple words: [{<wrap_color>} {(DQ ($ Id.VSub_Star '$*'))} {<red>}] redirects: [(redir op:<Id.Redir_GreatAnd '>&'> loc:(redir_loc.Fd fd:1) arg:{<2>})] do_fork: T ) ] ) ) (command.ShFunction name: check_flag body: (BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<is_set_in_kernel>} {(DQ ($ Id.VSub_Number '$1'))}) terminator: <Id.Op_Semi _> ) ] action: [(C {<wrap_good>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1'))} {(SQ <enabled>)})] spids: [633 642] ) (if_arm cond: [ (command.Sentence child: (C {<is_set_as_module>} {(DQ ($ Id.VSub_Number '$1'))}) terminator: <Id.Op_Semi _> ) ] action: [ (C {<wrap_good>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1'))} {(SQ <'enabled (as module)'>)} ) ] spids: [657 666] ) ] else_action: [ (C {<wrap_bad>} {(DQ <CONFIG_> ($ Id.VSub_Number '$1'))} {(SQ <missing>)}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [696] ) ] ) ] ) ] ) ) (command.ShFunction name: check_flags body: (BraceGroup children: [ (command.ForEach iter_name: flag iter_words: [{(DQ ($ Id.VSub_At '$@'))}] do_arg_iter: F body: (command.DoGroup children: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <'- '>)}) terminator: <Id.Op_Semi _> ) (C {<check_flag>} {(DQ ($ Id.VSub_DollarName '$flag'))}) ] ) ) ] ) ) (command.ShFunction name: check_command body: (BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Simple words: [{<command>} {<-v>} {(DQ ($ Id.VSub_Number '$1'))}] redirects: [ (redir op: <Id.Redir_Great '>'> loc: (redir_loc.Fd fd:1) arg: {<'/dev/null'>} ) (redir op: <Id.Redir_GreatAnd '2>&'> loc: (redir_loc.Fd fd:2) arg: {<1>} ) ] do_fork: T ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<wrap_good>} {(DQ ($ Id.VSub_Number '$1') <' command'>)} {(SQ <available>)}) ] spids: [754 771] ) ] else_action: [ (C {<wrap_bad>} {(DQ ($ Id.VSub_Number '$1') <' command'>)} {(SQ <missing>)}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [801] ) ] ) ] ) ] ) ) (command.ShFunction name: check_device body: (BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<-c>} {(DQ ($ Id.VSub_Number '$1'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [(C {<wrap_good>} {(DQ ($ Id.VSub_Number '$1'))} {(SQ <present>)})] spids: [817 830] ) ] else_action: [ (C {<wrap_bad>} {(DQ ($ Id.VSub_Number '$1'))} {(SQ <missing>)}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [858] ) ] ) ] ) ] ) ) (command.ShFunction name: check_distro_userns body: (BraceGroup children: [ (command.AndOr ops: [Id.Op_DPipe] children: [ (command.Simple words: [{<source>} {<'/etc/os-release'>}] redirects: [ (redir op: <Id.Redir_Great '2>'> loc: (redir_loc.Fd fd:2) arg: {<'/dev/null'>} ) ] do_fork: T ) (C {<'/bin/true'>}) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.DBracket expr: (bool_expr.LogicalAnd left: (bool_expr.Binary op_id: Id.BoolBinary_EqualTilde left: {(DQ (${ Id.VSub_Name ID))} right: {<Id.Lit_Other '^'> <Id.Lit_Other '('> <centos> <Id.Lit_Other '|'> <rhel> <Id.Lit_Other ')'> <Id.Lit_Other '$'> } ) right: (bool_expr.Binary op_id: Id.BoolBinary_EqualTilde left: {(DQ (${ Id.VSub_Name VERSION_ID))} right: {<Id.Lit_Other '^'> <7>} ) ) ) terminator: <Id.Op_Semi _> ) ] action: [ (command.AndOr ops: [Id.Op_DPipe] children: [ (C {<grep>} {<-q>} {(DQ <'user_namespace.enable=1'>)} {<'/proc/cmdline'>}) (BraceGroup children: [ (C {<wrap_bad>} {(DQ <' (RHEL7/CentOS7'>)} { (DQ < 'User namespaces disabled; add \'user_namespace.enable=1\' to boot command line)' > ) } ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [959] ) ] ) ] ) ] ) ] spids: [886 922] ) ] ) ] ) ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<Id.KW_Bang '!'>} {<-e>} {(DQ ($ Id.VSub_DollarName '$CONFIG'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<wrap_warning>} { (DQ <'warning: '> ($ Id.VSub_DollarName '$CONFIG') <' does not exist, searching other paths for kernel config ...'> ) } ) (command.ForEach iter_name: tryConfig iter_words: [ { (DQ (braced_var_sub token: <Id.VSub_Name possibleConfigs> bracket_op: (bracket_op.WholeArray op_id:Id.Lit_At) ) ) } ] do_arg_iter: F body: (command.DoGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<-e>} {(DQ ($ Id.VSub_DollarName '$tryConfig'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CONFIG) op: assign_op.Equal rhs: {(DQ ($ Id.VSub_DollarName '$tryConfig'))} spids: [1033] ) ] ) (command.ControlFlow token: <Id.ControlFlow_Break break> ) ] spids: [1017 1030] ) ] ) ] ) ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<Id.KW_Bang '!'>} {<-e>} {(DQ ($ Id.VSub_DollarName '$CONFIG'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<wrap_warning>} {(DQ <'error: cannot find kernel config'>)}) (C {<wrap_warning>} {(DQ <' try running this script again, specifying the kernel config:'>)} ) (C {<wrap_warning>} { (DQ <' CONFIG=/path/to/kernel/.config '> ($ Id.VSub_Number '$0') <' or '> ($ Id.VSub_Number '$0') <' /path/to/kernel/.config'> ) } ) (command.ControlFlow token: <Id.ControlFlow_Exit exit> arg_word: {<1>} ) ] spids: [1048 1063] ) ] ) ] spids: [971 986] ) ] ) (C {<wrap_color>} {(DQ <'info: reading kernel config from '> ($ Id.VSub_DollarName '$CONFIG') <' ...'>)} {<white>} ) (C {<echo>}) (C {<echo>} {(SQ <'Generally Necessary:'>)}) (C {<echo>} {<-n>} {(SQ <'- '>)}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:cgroupSubsystemDir) op: assign_op.Equal rhs: { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (command.Pipeline children: [ (C {<awk>} { (SQ < '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' > ) } {<'/proc/mounts'>} ) (C {<head>} {<-n1>}) ] negated: F ) ) ) } spids: [1129] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:cgroupDir) op: assign_op.Equal rhs: { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<dirname>} {(DQ ($ Id.VSub_DollarName '$cgroupSubsystemDir'))}) ) ) } spids: [1148] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/cpu'>)} {<-o>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/cpuacct'>)} {<-o>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/cpuset'>)} {<-o>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/devices'>)} {<-o>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/freezer'>)} {<-o>} {<-d>} {(DQ ($ Id.VSub_DollarName '$cgroupDir') <'/memory'>)} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_good>} {(SQ <'cgroup hierarchy'>)} {(SQ <'properly mounted'>)}) ) <' ['> ($ Id.VSub_DollarName '$cgroupDir') <']'> ) } ) ] spids: [1159 1218] ) ] else_action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$cgroupSubsystemDir'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_bad>} {(SQ <'cgroup hierarchy'>)} {(SQ <'single mountpoint!'>)}) ) <' ['> ($ Id.VSub_DollarName '$cgroupSubsystemDir') <']'> ) } ) ] spids: [1243 1254] ) ] else_action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_bad>} {(SQ <'cgroup hierarchy'>)} {(SQ <'nonexistent??'>)}) ) ) } ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [1300] ) ] ) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(see https://github.com/tianon/cgroupfs-mount)'>)} {<yellow>}) ) ) } ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (command.Simple words: [{<cat>} {<'/sys/module/apparmor/parameters/enabled'>}] redirects: [ (redir op: <Id.Redir_Great '2>'> loc: (redir_loc.Fd fd:2) arg: {<'/dev/null'>} ) ] do_fork: T ) ) ) } {<Id.Lit_Equals '='>} {(SQ <Y>)} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} {<-n>} {(SQ <'- '>)}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Simple words: [{<command>} {<-v>} {<apparmor_parser>}] redirects: [ (redir op: <Id.Redir_AndGreat '&>'> loc: (redir_loc.Fd fd:1) arg: {<'/dev/null'>} ) ] do_fork: T ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_good>} {(SQ <apparmor>)} {(SQ <'enabled and tools installed'>)}) ) ) } ) ] spids: [1358 1371] ) ] else_action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_bad>} {(SQ <apparmor>)} {(SQ <'enabled, but apparmor_parser missing'>)} ) ) ) } ) (C {<echo>} {<-n>} {(SQ <' '>)}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Simple words: [{<command>} {<-v>} {<apt-get>}] redirects: [ (redir op: <Id.Redir_AndGreat '&>'> loc: (redir_loc.Fd fd:1) arg: {<'/dev/null'>} ) ] do_fork: T ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(use "apt-get install apparmor" to fix this)'>)} ) ) ) } ) ] spids: [1420 1433] ) (if_arm cond: [ (command.Sentence child: (command.Simple words: [{<command>} {<-v>} {<yum>}] redirects: [ (redir op: <Id.Redir_AndGreat '&>'> loc: (redir_loc.Fd fd:1) arg: {<'/dev/null'>} ) ] do_fork: T ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(your best bet is "yum install apparmor-parser")'>)} ) ) ) } ) ] spids: [1449 1462] ) ] else_action: [ (C {<echo>} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(look for an "apparmor" package for your distribution)'>)} ) ) ) } ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [1497] ) ] ) ] ) ] spids: [1322 1346] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:flags) op: assign_op.Equal rhs: { (sh_array_literal left: <Id.Op_LParen _> words: [ {<NAMESPACES>} (word.BracedTree parts: [(word_part.BracedTuple words:[{<NET>} {<PID>} {<IPC>} {<UTS>}]) <_NS>] ) {<CGROUPS>} {<CGROUP_CPUACCT>} {<CGROUP_DEVICE>} {<CGROUP_FREEZER>} {<CGROUP_SCHED>} {<CPUSETS>} {<MEMCG>} {<KEYS>} {<VETH>} {<BRIDGE>} {<BRIDGE_NETFILTER>} {<NF_NAT_IPV4>} {<IP_NF_FILTER>} {<IP_NF_TARGET_MASQUERADE>} (word.BracedTree parts: [ <NETFILTER_XT_MATCH_> (word_part.BracedTuple words: [{<ADDRTYPE>} {<CONNTRACK>} {<IPVS>}] ) ] ) {<IP_NF_NAT>} {<NF_NAT>} {<NF_NAT_NEEDED>} {<POSIX_MQUEUE>} ] ) } spids: [1506] ) ] ) (C {<check_flags>} { (DQ (braced_var_sub token: <Id.VSub_Name flags> bracket_op: (bracket_op.WholeArray op_id:Id.Lit_At) ) ) } ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-lt>} {<4>} {<Id.Lit_RBracket ']'>} ) (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-eq>} {<4>} {<-a>} {(DQ ($ Id.VSub_DollarName '$kernelMinor'))} {<-lt>} {<8>} {<Id.Lit_RBracket ']'>} ) ] ) terminator: <Id.Op_Semi _> ) ] action: [(C {<check_flags>} {<DEVPTS_MULTIPLE_INSTANCES>})] spids: [1593 1632] ) ] ) (C {<echo>}) (C {<echo>} {(SQ <'Optional Features:'>)}) (BraceGroup children:[(C {<check_flags>} {<USER_NS>}) (C {<check_distro_userns>})]) (BraceGroup children:[(C {<check_flags>} {<SECCOMP>})]) (BraceGroup children:[(C {<check_flags>} {<CGROUP_PIDS>})]) (BraceGroup children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CODE) op: assign_op.Equal rhs: {(${ Id.VSub_Name EXITCODE)} spids: [1684] ) ] ) (C {<check_flags>} {<MEMCG_SWAP>} {<MEMCG_SWAP_ENABLED>}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} {<-e>} {<'/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes'>} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(cgroup swap accounting is currently enabled)'>)} {<bold>} {<black>} ) ) ) } ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {(${ Id.VSub_Name CODE)} spids: [1729] ) ] ) ] spids: [1697 1708] ) (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<is_set>} {<MEMCG_SWAP>}) (command.Pipeline children: [(C {<is_set>} {<MEMCG_SWAP_ENABLED>})] negated: T ) ] ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' > ) } {<bold>} {<black>} ) ) ) } ) ] spids: [1735 1750] ) ] ) ] ) (BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<is_set>} {<LEGACY_VSYSCALL_NATIVE>}) terminator: <Id.Op_Semi _> ) ] action: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <'- '>)}) terminator: <Id.Op_Semi _> ) (C {<wrap_bad>} {(DQ <CONFIG_LEGACY_VSYSCALL_NATIVE>)} {(SQ <enabled>)}) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' > ) } {<bold>} {<black>} ) ) ) } ) ] spids: [1778 1785] ) (if_arm cond: [ (command.Sentence child: (C {<is_set>} {<LEGACY_VSYSCALL_EMULATE>}) terminator: <Id.Op_Semi _> ) ] action: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <'- '>)}) terminator: <Id.Op_Semi _> ) (C {<wrap_good>} {(DQ <CONFIG_LEGACY_VSYSCALL_EMULATE>)} {(SQ <enabled>)}) ] spids: [1826 1833] ) (if_arm cond: [ (command.Sentence child: (C {<is_set>} {<LEGACY_VSYSCALL_NONE>}) terminator: <Id.Op_Semi _> ) ] action: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <'- '>)}) terminator: <Id.Op_Semi _> ) (C {<wrap_bad>} {(DQ <CONFIG_LEGACY_VSYSCALL_NONE>)} {(SQ <enabled>)}) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'(containers using eglibc <= 2.13 will not work. Switch to'>)} {<bold>} {<black>} ) ) ) } ) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' > ) } {<bold>} {<black>} ) ) ) } ) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < ' on kernel command line. Note that this will disable ASLR for the,' > ) } {<bold>} {<black>} ) ) ) } ) (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <' VDSO which may assist in exploiting security vulnerabilities.)'>)} {<bold>} {<black>} ) ) ) } ) ] spids: [1856 1863] ) ] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-lt>} {<4>} {<Id.Lit_RBracket ']'>} ) (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-eq>} {<4>} {<-a>} {(DQ ($ Id.VSub_DollarName '$kernelMinor'))} {<-le>} {<5>} {<Id.Lit_RBracket ']'>} ) ] ) terminator: <Id.Op_Semi _> ) ] action: [(C {<check_flags>} {<MEMCG_KMEM>})] spids: [1979 2018] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-lt>} {<3>} {<Id.Lit_RBracket ']'>} ) (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-eq>} {<3>} {<-a>} {(DQ ($ Id.VSub_DollarName '$kernelMinor'))} {<-le>} {<18>} {<Id.Lit_RBracket ']'>} ) ] ) terminator: <Id.Op_Semi _> ) ] action: [(C {<check_flags>} {<RESOURCE_COUNTERS>})] spids: [2028 2067] ) ] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-lt>} {<3>} {<Id.Lit_RBracket ']'>} ) (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$kernelMajor'))} {<-eq>} {<3>} {<-a>} {(DQ ($ Id.VSub_DollarName '$kernelMinor'))} {<-le>} {<13>} {<Id.Lit_RBracket ']'>} ) ] ) terminator: <Id.Op_Semi _> ) ] action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:netprio) op: assign_op.Equal rhs: {<NETPRIO_CGROUP>} spids: [2119] ) ] ) ] spids: [2077 2116] ) ] else_action: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:netprio) op: assign_op.Equal rhs: {<CGROUP_NET_PRIO>} spids: [2125] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:flags) op: assign_op.Equal rhs: { (sh_array_literal left: <Id.Op_LParen _> words: [ {<BLK_CGROUP>} {<BLK_DEV_THROTTLING>} {<IOSCHED_CFQ>} {<CFQ_GROUP_IOSCHED>} {<CGROUP_PERF>} {<CGROUP_HUGETLB>} {<NET_CLS_CGROUP>} {($ Id.VSub_DollarName '$netprio')} {<CFS_BANDWIDTH>} {<FAIR_GROUP_SCHED>} {<RT_GROUP_SCHED>} {<IP_VS>} {<IP_VS_NFCT>} {<IP_VS_RR>} ] ) } spids: [2131] ) ] ) (C {<check_flags>} { (DQ (braced_var_sub token: <Id.VSub_Name flags> bracket_op: (bracket_op.WholeArray op_id:Id.Lit_At) ) ) } ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children:[(C {<is_set>} {<EXT4_USE_FOR_EXT2>})] negated:T) terminator: <Id.Op_Semi _> ) ] action: [ (C {<check_flags>} {<EXT3_FS>} {<EXT3_FS_XATTR>} {<EXT3_FS_POSIX_ACL>} {<EXT3_FS_SECURITY>}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe Id.Op_DPipe Id.Op_DPipe] children: [ (command.Pipeline children: [(C {<is_set>} {<EXT3_FS>})] negated: T ) (command.Pipeline children: [(C {<is_set>} {<EXT3_FS_XATTR>})] negated: T ) (command.Pipeline children: [(C {<is_set>} {<EXT3_FS_POSIX_ACL>})] negated: T ) (command.Pipeline children: [(C {<is_set>} {<EXT3_FS_SECURITY>})] negated: T ) ] ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < '(enable these ext3 configs if you are using ext3 as backing filesystem)' > ) } {<bold>} {<black>} ) ) ) } ) ] spids: [2207 2240] ) ] ) ] spids: [2184 2193] ) ] ) (C {<check_flags>} {<EXT4_FS>} {<EXT4_FS_POSIX_ACL>} {<EXT4_FS_SECURITY>}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DPipe Id.Op_DPipe] children: [ (command.Pipeline children: [(C {<is_set>} {<EXT4_FS>})] negated: T ) (command.Pipeline children: [(C {<is_set>} {<EXT4_FS_POSIX_ACL>})] negated: T ) (command.Pipeline children: [(C {<is_set>} {<EXT4_FS_SECURITY>})] negated: T ) ] ) terminator: <Id.Op_Semi _> ) ] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<is_set>} {<EXT4_USE_FOR_EXT2>}) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' > ) } {<bold>} {<black>} ) ) ) } ) ] spids: [2302 2309] ) ] else_action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < 'enable these ext4 configs if you are using ext4 as backing filesystem' > ) } {<bold>} {<black>} ) ) ) } ) ] ) ] spids: [2274 2299] ) ] ) (C {<echo>} {(SQ <'- Network Drivers:'>)}) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <overlay>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<VXLAN>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (C {<echo>} {(SQ <' Optional (for encrypted networks):'>)}) (command.Pipeline children: [ (C {<check_flags>} {<CRYPTO>} {<CRYPTO_AEAD>} {<CRYPTO_GCM>} {<CRYPTO_SEQIV>} {<CRYPTO_GHASH>} {<XFRM>} {<XFRM_USER>} {<XFRM_ALGO>} {<INET_ESP>} {<INET_XFRM_MODE_TRANSPORT>} ) (C {<sed>} {(SQ <'s/^/ /'>)}) ] negated: F ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <ipvlan>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<IPVLAN>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <macvlan>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<MACVLAN>} {<DUMMY>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <'ftp,tftp client in container'>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [ (C {<check_flags>} {<NF_NAT_FTP>} {<NF_CONNTRACK_FTP>} {<NF_NAT_TFTP>} {<NF_CONNTRACK_TFTP>}) (C {<sed>} {(SQ <'s/^/ /'>)}) ] negated: F ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:CODE) op: assign_op.Equal rhs: {(${ Id.VSub_Name EXITCODE)} spids: [2532] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2537] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<1>} spids: [2540] ) ] ) (C {<echo>} {(SQ <'- Storage Drivers:'>)}) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <aufs>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<AUFS_FS>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Id.Op_DAmp] children: [ (command.Pipeline children: [(C {<is_set>} {<AUFS_FS>})] negated: T ) (C {<grep>} {<-q>} {<aufs>} {<'/proc/filesystems'>}) ] ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<echo>} { (DQ <' '> (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} { (SQ < '(note that some kernels include AUFS patches but not the AUFS_FS flag)' > ) } {<bold>} {<black>} ) ) ) } ) ] spids: [2580 2599] ) ] ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$EXITCODE'))} {<Id.Lit_Equals '='>} {<0>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<0>} spids: [2635] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2638] ) ] ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <btrfs>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<BTRFS_FS>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (command.Pipeline children: [(C {<check_flags>} {<BTRFS_FS_POSIX_ACL>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$EXITCODE'))} {<Id.Lit_Equals '='>} {<0>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<0>} spids: [2698] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2701] ) ] ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <devicemapper>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [ (C {<check_flags>} {<BLK_DEV_DM>} {<DM_THIN_PROVISIONING>}) (C {<sed>} {(SQ <'s/^/ /'>)}) ] negated: F ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$EXITCODE'))} {<Id.Lit_Equals '='>} {<0>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<0>} spids: [2751] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2754] ) ] ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <overlay>)} {<blue>}) ) (SQ <'":'>) } ) (command.Pipeline children: [(C {<check_flags>} {<OVERLAY_FS>}) (C {<sed>} {(SQ <'s/^/ /'>)})] negated: F ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$EXITCODE'))} {<Id.Lit_Equals '='>} {<0>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<0>} spids: [2802] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2805] ) ] ) (C {<echo>} {(SQ <' - "'>) (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<wrap_color>} {(SQ <zfs>)} {<blue>}) ) (SQ <'":'>) } ) (command.CommandList children: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <' - '>)}) terminator: <Id.Op_Semi _> ) (C {<check_device>} {<'/dev/zfs'>}) ] ) (command.CommandList children: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <' - '>)}) terminator: <Id.Op_Semi _> ) (C {<check_command>} {<zfs>}) ] ) (command.CommandList children: [ (command.Sentence child: (C {<echo>} {<-n>} {(DQ <' - '>)}) terminator: <Id.Op_Semi _> ) (C {<check_command>} {<zpool>}) ] ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$EXITCODE'))} {<Id.Lit_Equals '='>} {<0>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:STORAGE) op: assign_op.Equal rhs: {<0>} spids: [2880] ) ] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<0>} spids: [2883] ) ] ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {($ Id.VSub_DollarName '$CODE')} spids: [2887] ) ] ) (command.AndOr ops: [Id.Op_DAmp] children: [ (C {<Id.Lit_LBracket '['>} {(DQ ($ Id.VSub_DollarName '$STORAGE'))} {<Id.Lit_Equals '='>} {<1>} {<Id.Lit_RBracket ']'>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [2904] ) ] ) ] ) (C {<echo>}) (command.ShFunction name: check_limit_over body: (BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {<Id.Lit_LBracket '['>} { (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<cat>} {(DQ ($ Id.VSub_Number '$1'))}) ) } {<-le>} {(DQ ($ Id.VSub_Number '$2'))} {<Id.Lit_RBracket ']'>} ) terminator: <Id.Op_Semi _> ) ] action: [ (C {<wrap_bad>} {(DQ <'- '> ($ Id.VSub_Number '$1'))} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<cat>} {($ Id.VSub_Number '$1')}) ) ) } ) (C {<wrap_color>} { (DQ <' This should be set to at least '> ($ Id.VSub_Number '$2') <', for example set: sysctl -w kernel/keys/root_maxkeys=1000000'> ) } {<bold>} {<black>} ) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:EXITCODE) op: assign_op.Equal rhs: {<1>} spids: [2971] ) ] ) ] spids: [2918 2939] ) ] else_action: [ (C {<wrap_good>} {(DQ <'- '> ($ Id.VSub_Number '$1'))} { (DQ (command_sub left_token: <Id.Left_DollarParen '$('> child: (C {<cat>} {($ Id.VSub_Number '$1')}) ) ) } ) ] ) ] ) ) (C {<echo>} {(SQ <'Limits:'>)}) (C {<check_limit_over>} {<'/proc/sys/kernel/keys/root_maxkeys'>} {<10000>}) (C {<echo>}) (command.ControlFlow token: <Id.ControlFlow_Exit exit> arg_word: {($ Id.VSub_DollarName '$EXITCODE')} ) ] )