Executability check (Linux >= 6.13)

[rusty-snake]

https://docs.kernel.org/next/userspace-api/check_exec.html

• AT_EXECVE_CHECK
  • for execveat which is rustix_1_0_5::not_implemented::quite_yet ATM. However we do not need to wait for it, we can just add it to AtFlags.
• SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE (+ _LOCKED variants)
  • add to CapabilitiesSecureBits

Oblivious it depends on linux_raw_sys and libc support for those flags.

[LtdJorge]

Seems to me like rustix (and linux_raw_sys) has to expose securebits.h, although libc doesn't.

[rusty-snake]

With libc you mean libc crate? or libc (as in libc.so/glibc/musl)?

In the libc crate case, the reason is likely not-yet-implemented.

---

• capabilities_secure_bits, set_capabilities_secure_bits, CapabilitiesSecureBits

Can we please rename them and strip the (then/now) misleading capability part.

[LtdJorge]

Yes, I meant the libc crate.