linux: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits

These were added in 6.14 with the following commit:
torvalds/linux@a0623b2

Signed-off-by: Jens Reidel <[email protected]>

Author: Gelbpunkt

libc-test/semver/linux.txt

@@ -2776,6 +2776,10 @@ SCTP_STATUS
 SCTP_STREAM_RESET_INCOMING
 SCTP_STREAM_RESET_OUTGOING
 SCTP_UNORDERED
+SECBIT_EXEC_DENY_INTERACTIVE
+SECBIT_EXEC_DENY_INTERACTIVE_LOCKED
+SECBIT_EXEC_RESTRICT_FILE
+SECBIT_EXEC_RESTRICT_FILE_LOCKED
 SECBIT_KEEP_CAPS
 SECBIT_KEEP_CAPS_LOCKED
 SECBIT_NOROOT

src/unix/linux_like/linux/mod.rs

@@ -4750,11 +4750,31 @@ pub const SECBIT_NO_CAP_AMBIENT_RAISE: c_int = issecure_mask(SECURE_NO_CAP_AMBIE
 pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED: c_int =
     issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED);
 
+const SECURE_EXEC_RESTRICT_FILE: c_int = 8;
+const SECURE_EXEC_RESTRICT_FILE_LOCKED: c_int = 9;
+
+pub const SECBIT_EXEC_RESTRICT_FILE: c_int = issecure_mask(SECURE_EXEC_RESTRICT_FILE);
+pub const SECBIT_EXEC_RESTRICT_FILE_LOCKED: c_int =
+    issecure_mask(SECURE_EXEC_RESTRICT_FILE_LOCKED);
+
+const SECURE_EXEC_DENY_INTERACTIVE: c_int = 10;
+const SECURE_EXEC_DENY_INTERACTIVE_LOCKED: c_int = 11;
+
+pub const SECBIT_EXEC_DENY_INTERACTIVE: c_int = issecure_mask(SECURE_EXEC_DENY_INTERACTIVE);
+pub const SECBIT_EXEC_DENY_INTERACTIVE_LOCKED: c_int =
+    issecure_mask(SECURE_EXEC_DENY_INTERACTIVE_LOCKED);
+
 pub const SECUREBITS_DEFAULT: c_int = 0x00000000;
-pub const SECURE_ALL_BITS: c_int =
-    SECBIT_NOROOT | SECBIT_NO_SETUID_FIXUP | SECBIT_KEEP_CAPS | SECBIT_NO_CAP_AMBIENT_RAISE;
+pub const SECURE_ALL_BITS: c_int = SECBIT_NOROOT
+    | SECBIT_NO_SETUID_FIXUP
+    | SECBIT_KEEP_CAPS
+    | SECBIT_NO_CAP_AMBIENT_RAISE
+    | SECBIT_EXEC_RESTRICT_FILE
+    | SECBIT_EXEC_DENY_INTERACTIVE;
 pub const SECURE_ALL_LOCKS: c_int = SECURE_ALL_BITS << 1;
 
+pub const SECURE_ALL_UNPRIVILEGED: c_int = SECBIT_EXEC_RESTRICT_FILE | SECBIT_EXEC_DENY_INTERACTIVE;
+
 const fn issecure_mask(x: c_int) -> c_int {
     1 << x
 }