Add SECBIT_ constants from securebits.h

See: https://github.com/torvalds/linux/blob/master/include/uapi/linux/securebits.h

Author: chriswailes

libc-test/build.rs

@@ -3873,6 +3873,7 @@ fn test_linux(target: &str) {
             "linux/sched.h",
             "linux/sctp.h",
             "linux/seccomp.h",
+            "linux/securebits.h",
             "linux/sock_diag.h",
             "linux/sockios.h",
             "linux/tls.h",

libc-test/semver/linux.txt

@@ -2776,6 +2776,17 @@ SCTP_STATUS
 SCTP_STREAM_RESET_INCOMING
 SCTP_STREAM_RESET_OUTGOING
 SCTP_UNORDERED
+SECBIT_NOROOT
+SECBIT_NOROOT_LOCKED
+SECBIT_NO_SETUID_FIXUP
+SECBIT_NO_SETUID_FIXUP_LOCKED
+SECBIT_KEEP_CAPS
+SECBIT_KEEP_CAPS_LOCKED
+SECBIT_NO_CAP_AMBIENT_RAISE
+SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED
+SECUREBITS_DEFAULT
+SECURE_ALL_BITS
+SECURE_ALL_LOCKS
 SECCOMP_ADDFD_FLAG_SEND
 SECCOMP_ADDFD_FLAG_SETFD
 SECCOMP_FILTER_FLAG_LOG

src/unix/linux_like/linux/mod.rs

@@ -4815,6 +4815,26 @@ pub const IN_ONLYDIR: u32 = 0x0100_0000;
 pub const IN_DONT_FOLLOW: u32 = 0x0200_0000;
 pub const IN_EXCL_UNLINK: u32 = 0x0400_0000;
 
+// uapi/linux/securebits.h
+pub const SECBIT_NOROOT: c_int = 1 << 0;
+pub const SECBIT_NOROOT_LOCKED: c_int = 1 << 1;
+
+pub const SECBIT_NO_SETUID_FIXUP: c_int = 1 << 2;
+pub const SECBIT_NO_SETUID_FIXUP_LOCKED: c_int = 1 << 3;
+
+pub const SECBIT_KEEP_CAPS: c_int = 1 << 4;
+pub const SECBIT_KEEP_CAPS_LOCKED: c_int = 1 << 5;
+
+pub const SECBIT_NO_CAP_AMBIENT_RAISE: c_int = 1 << 6;
+pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED: c_int = 1 << 7;
+
+pub const SECUREBITS_DEFAULT: c_int = 0x00000000;
+pub const SECURE_ALL_BITS: c_int = SECBIT_NOROOT
+    | SECBIT_NO_SETUID_FIXUP
+    | SECBIT_KEEP_CAPS
+    | SECBIT_NO_CAP_AMBIENT_RAISE;
+pub const SECURE_ALL_LOCKS: c_int = SECURE_ALL_BITS << 1;
+
 // linux/keyctl.h
 pub const KEY_SPEC_THREAD_KEYRING: i32 = -1;
 pub const KEY_SPEC_PROCESS_KEYRING: i32 = -2;