From 7b961a876b56d5926fe7ba6437a0459da9aa60bc Mon Sep 17 00:00:00 2001 From: Isaac Freund Date: Fri, 11 Sep 2020 01:34:10 +0200 Subject: std: add prctl definition for linux --- lib/std/os/bits/linux.zig | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/std/os/bits/linux.zig') diff --git a/lib/std/os/bits/linux.zig b/lib/std/os/bits/linux.zig index f393f04abe..e8625179db 100644 --- a/lib/std/os/bits/linux.zig +++ b/lib/std/os/bits/linux.zig @@ -25,6 +25,7 @@ pub usingnamespace switch (builtin.arch) { }; pub usingnamespace @import("linux/netlink.zig"); +pub usingnamespace @import("linux/prctl.zig"); const is_mips = builtin.arch.isMIPS(); -- cgit v1.2.3 From b6f4601545547fff7afa19cba0f26354d651e818 Mon Sep 17 00:00:00 2001 From: Isaac Freund Date: Fri, 11 Sep 2020 14:19:59 +0200 Subject: std: add securebits definitions for linux --- lib/std/os/bits/linux.zig | 1 + lib/std/os/bits/linux/securebits.zig | 41 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 lib/std/os/bits/linux/securebits.zig (limited to 'lib/std/os/bits/linux.zig') diff --git a/lib/std/os/bits/linux.zig b/lib/std/os/bits/linux.zig index e8625179db..df31bc32fd 100644 --- a/lib/std/os/bits/linux.zig +++ b/lib/std/os/bits/linux.zig @@ -26,6 +26,7 @@ pub usingnamespace switch (builtin.arch) { pub usingnamespace @import("linux/netlink.zig"); pub usingnamespace @import("linux/prctl.zig"); +pub usingnamespace @import("linux/securebits.zig"); const is_mips = builtin.arch.isMIPS(); diff --git a/lib/std/os/bits/linux/securebits.zig b/lib/std/os/bits/linux/securebits.zig new file mode 100644 index 0000000000..0086a694d9 --- /dev/null +++ b/lib/std/os/bits/linux/securebits.zig 
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: MIT
+// Copyright (c) 2015-2020 Zig Contributors
+// This file is part of [zig](https://ziglang.org/), which is MIT licensed.
+// The MIT license requires this copyright notice to be included in all copies
+// and substantial portions of the software.
+
+fn issecure_mask(comptime x: comptime_int) comptime_int {
+ return 1 << x;
+}
+
+pub const SECUREBITS_DEFAULT = 0x00000000;
+
+pub const SECURE_NOROOT = 0;
+pub const SECURE_NOROOT_LOCKED = 1;
+
+pub const SECBIT_NOROOT = issecure_mask(SECURE_NOROOT);
+pub const SECBIT_NOROOT_LOCKED = issecure_mask(SECURE_NOROOT_LOCKED);
+
+pub const SECURE_NO_SETUID_FIXUP = 2;
+pub const SECURE_NO_SETUID_FIXUP_LOCKED = 3;
+
+pub const SECBIT_NO_SETUID_FIXUP = issecure_mask(SECURE_NO_SETUID_FIXUP);
+pub const SECBIT_NO_SETUID_FIXUP_LOCKED = issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED);
+
+pub const SECURE_KEEP_CAPS = 4;
+pub const SECURE_KEEP_CAPS_LOCKED = 5;
+
+pub const SECBIT_KEEP_CAPS = issecure_mask(SECURE_KEEP_CAPS);
+pub const SECBIT_KEEP_CAPS_LOCKED = issecure_mask(SECURE_KEEP_CAPS_LOCKED);
+
+pub const SECURE_NO_CAP_AMBIENT_RAISE = 6;
+pub const SECURE_NO_CAP_AMBIENT_RAISE_LOCKED = 7;
+
+pub const SECBIT_NO_CAP_AMBIENT_RAISE = issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE);
+pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED = issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED);
+
+pub const SECURE_ALL_BITS = issecure_mask(SECURE_NOROOT) |
+ issecure_mask(SECURE_NO_SETUID_FIXUP) |
+ issecure_mask(SECURE_KEEP_CAPS) |
+ issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE);
+pub const SECURE_ALL_LOCKS = SECURE_ALL_BITS << 1;
-- cgit v1.2.3
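Review bot: The `SECURE_*` constants in the new securebits.zig are bit positions while the `SECBIT_*` constants (and, despite their prefix, `SECURE_ALL_BITS` and `SECURE_ALL_LOCKS`) are masks, and nothing in the file says so. Because every one of them is an untyped `comptime_int`, passing a position where a mask is expected compiles cleanly and selects different flags; for example `SECURE_KEEP_CAPS` is 4, which read as a mask is `SECBIT_NO_SETUID_FIXUP`. I would add a doc comment above the first pair, e.g. `/// SECURE_* are bit positions; use the SECBIT_* masks when building a securebits value.`, and one above `SECURE_ALL_LOCKS` noting that each lock bit sits one position above the flag it locks and that, per capabilities(7), a lock cannot be cleared once set. A one-line `//` comment on the private `issecure_mask` helper stating that it converts a bit position into its mask would round this out.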