diff --git a/libc-test/build.rs b/libc-test/build.rs
index 23eef46d3e617..56c169201ace7 100644
--- a/libc-test/build.rs
+++ b/libc-test/build.rs
@@ -3873,6 +3873,7 @@ fn test_linux(target: &str) {
 "linux/sched.h",
 "linux/sctp.h",
 "linux/seccomp.h",
+ "linux/securebits.h",
 "linux/sock_diag.h",
 "linux/sockios.h",
 "linux/tls.h",
diff --git a/libc-test/semver/linux.txt b/libc-test/semver/linux.txt
index a71b3ff04561f..f88769996e81b 100644
--- a/libc-test/semver/linux.txt
+++ b/libc-test/semver/linux.txt
@@ -2776,6 +2776,14 @@ SCTP_STATUS
 SCTP_STREAM_RESET_INCOMING
 SCTP_STREAM_RESET_OUTGOING
 SCTP_UNORDERED
+SECBIT_KEEP_CAPS
+SECBIT_KEEP_CAPS_LOCKED
+SECBIT_NOROOT
+SECBIT_NOROOT_LOCKED
+SECBIT_NO_CAP_AMBIENT_RAISE
+SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED
+SECBIT_NO_SETUID_FIXUP
+SECBIT_NO_SETUID_FIXUP_LOCKED
 SECCOMP_ADDFD_FLAG_SEND
 SECCOMP_ADDFD_FLAG_SETFD
 SECCOMP_FILTER_FLAG_LOG
@@ -2804,6 +2812,9 @@ SECCOMP_RET_USER_NOTIF
 SECCOMP_SET_MODE_FILTER
 SECCOMP_SET_MODE_STRICT
 SECCOMP_USER_NOTIF_FLAG_CONTINUE
+SECUREBITS_DEFAULT
+SECURE_ALL_BITS
+SECURE_ALL_LOCKS
 SEEK_DATA
 SEEK_HOLE
 SELFMAG
diff --git a/src/unix/linux_like/linux/mod.rs b/src/unix/linux_like/linux/mod.rs
index 258bf9c0848e6..77a93bb2c75c4 100644
--- a/src/unix/linux_like/linux/mod.rs
+++ b/src/unix/linux_like/linux/mod.rs
@@ -4815,6 +4815,26 @@ pub const IN_ONLYDIR: u32 = 0x0100_0000;
 pub const IN_DONT_FOLLOW: u32 = 0x0200_0000;
 pub const IN_EXCL_UNLINK: u32 = 0x0400_0000;
 
+// uapi/linux/securebits.h
+pub const SECBIT_NOROOT: c_int = 1 << 0;
+pub const SECBIT_NOROOT_LOCKED: c_int = 1 << 1;
+
+pub const SECBIT_NO_SETUID_FIXUP: c_int = 1 << 2;
+pub const SECBIT_NO_SETUID_FIXUP_LOCKED: c_int = 1 << 3;
+
+pub const SECBIT_KEEP_CAPS: c_int = 1 << 4;
+pub const SECBIT_KEEP_CAPS_LOCKED: c_int = 1 << 5;
+
+pub const SECBIT_NO_CAP_AMBIENT_RAISE: c_int = 1 << 6;
+pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED: c_int = 1 << 7;
+
+pub const SECUREBITS_DEFAULT: c_int = 0x00000000;
+pub const SECURE_ALL_BITS: c_int = SECBIT_NOROOT
+ | SECBIT_NO_SETUID_FIXUP
+ | SECBIT_KEEP_CAPS
+ | SECBIT_NO_CAP_AMBIENT_RAISE;
+pub const SECURE_ALL_LOCKS: c_int = SECURE_ALL_BITS << 1;
+
 // linux/keyctl.h
 pub const KEY_SPEC_THREAD_KEYRING: i32 = -1;
 pub const KEY_SPEC_PROCESS_KEYRING: i32 = -2;
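Review bot: `SECURE_ALL_LOCKS = SECURE_ALL_BITS << 1` at the end of the new block silently depends on every `SECBIT_*_LOCKED` flag being exactly its base flag shifted left by one, but that pairing is only implied by the literal `1 << n` values and nothing states it. I would put a comment above `SECBIT_NOROOT` such as `// Each SECBIT_*_LOCKED flag is the matching SECBIT_* flag << 1; SECURE_ALL_LOCKS relies on this pairing, so new bits must keep it.` so a future addition does not break the derived mask. It would also help callers to note that a locked bit makes the corresponding securebit irreversible for the process and its descendants, which is the point of these flags for privilege hardening. The constants are typed `c_int` to mirror the C macros, yet the `prctl` argument slot they are passed in takes an unsigned long, so a one-line doc note that a cast is needed at the call site would save users a surprise; I have not verified how the libc-test type checks treat this.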