Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f811577

Browse files
chriswaileschriswailes
committed
Add SECBIT_ constants from securebits.h
See: https://github.com/torvalds/linux/blob/master/include/uapi/linux/securebits.h
1 parent 9d520fb commit f811577

File tree

3 files changed

+47
-0
lines changed

3 files changed

+47
-0
lines changed

libc-test/build.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3873,6 +3873,7 @@ fn test_linux(target: &str) {
38733873
"linux/sched.h",
38743874
"linux/sctp.h",
38753875
"linux/seccomp.h",
3876+
"linux/securebits.h",
38763877
"linux/sock_diag.h",
38773878
"linux/sockios.h",
38783879
"linux/tls.h",

libc-test/semver/linux.txt

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2776,6 +2776,14 @@ SCTP_STATUS
27762776
SCTP_STREAM_RESET_INCOMING
27772777
SCTP_STREAM_RESET_OUTGOING
27782778
SCTP_UNORDERED
2779+
SECBIT_KEEP_CAPS
2780+
SECBIT_KEEP_CAPS_LOCKED
2781+
SECBIT_NOROOT
2782+
SECBIT_NOROOT_LOCKED
2783+
SECBIT_NO_CAP_AMBIENT_RAISE
2784+
SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED
2785+
SECBIT_NO_SETUID_FIXUP
2786+
SECBIT_NO_SETUID_FIXUP_LOCKED
27792787
SECCOMP_ADDFD_FLAG_SEND
27802788
SECCOMP_ADDFD_FLAG_SETFD
27812789
SECCOMP_FILTER_FLAG_LOG
@@ -2804,6 +2812,9 @@ SECCOMP_RET_USER_NOTIF
28042812
SECCOMP_SET_MODE_FILTER
28052813
SECCOMP_SET_MODE_STRICT
28062814
SECCOMP_USER_NOTIF_FLAG_CONTINUE
2815+
SECUREBITS_DEFAULT
2816+
SECURE_ALL_BITS
2817+
SECURE_ALL_LOCKS
28072818
SEEK_DATA
28082819
SEEK_HOLE
28092820
SELFMAG

src/unix/linux_like/linux/mod.rs

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4816,6 +4816,41 @@ pub const IN_ONLYDIR: u32 = 0x0100_0000;
48164816
pub const IN_DONT_FOLLOW: u32 = 0x0200_0000;
48174817
pub const IN_EXCL_UNLINK: u32 = 0x0400_0000;
48184818

4819+
// uapi/linux/securebits.h
4820+
const SECURE_NOROOT: c_int = 0;
4821+
const SECURE_NOROOT_LOCKED: c_int = 1;
4822+
4823+
pub const SECBIT_NOROOT: c_int = issecure_mask(SECURE_NOROOT);
4824+
pub const SECBIT_NOROOT_LOCKED: c_int = issecure_mask(SECURE_NOROOT_LOCKED);
4825+
4826+
const SECURE_NO_SETUID_FIXUP: c_int = 2;
4827+
const SECURE_NO_SETUID_FIXUP_LOCKED: c_int = 3;
4828+
4829+
pub const SECBIT_NO_SETUID_FIXUP: c_int = issecure_mask(SECURE_NO_SETUID_FIXUP);
4830+
pub const SECBIT_NO_SETUID_FIXUP_LOCKED: c_int = issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED);
4831+
4832+
const SECURE_KEEP_CAPS: c_int = 4;
4833+
const SECURE_KEEP_CAPS_LOCKED: c_int = 5;
4834+
4835+
pub const SECBIT_KEEP_CAPS: c_int = issecure_mask(SECURE_KEEP_CAPS);
4836+
pub const SECBIT_KEEP_CAPS_LOCKED: c_int = issecure_mask(SECURE_KEEP_CAPS_LOCKED);
4837+
4838+
const SECURE_NO_CAP_AMBIENT_RAISE: c_int = 6;
4839+
const SECURE_NO_CAP_AMBIENT_RAISE_LOCKED: c_int = 7;
4840+
4841+
pub const SECBIT_NO_CAP_AMBIENT_RAISE: c_int = issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE);
4842+
pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED: c_int =
4843+
issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED);
4844+
4845+
pub const SECUREBITS_DEFAULT: c_int = 0x00000000;
4846+
pub const SECURE_ALL_BITS: c_int =
4847+
SECBIT_NOROOT | SECBIT_NO_SETUID_FIXUP | SECBIT_KEEP_CAPS | SECBIT_NO_CAP_AMBIENT_RAISE;
4848+
pub const SECURE_ALL_LOCKS: c_int = SECURE_ALL_BITS << 1;
4849+
4850+
const fn issecure_mask(x: c_int) -> c_int {
4851+
1 << x
4852+
}
4853+
48194854
// linux/keyctl.h
48204855
pub const KEY_SPEC_THREAD_KEYRING: i32 = -1;
48214856
pub const KEY_SPEC_PROCESS_KEYRING: i32 = -2;

0 commit comments

Comments
 (0)