
Executability check (Linux >= 6.13)

Open rusty-snake opened this issue 7 months ago • 3 comments

https://docs.kernel.org/next/userspace-api/check_exec.html

  • [ ] AT_EXECVE_CHECK
    • for execveat which is rustix_1_0_5::not_implemented::quite_yet ATM. However we do not need to wait for it, we can just add it to AtFlags.
  • [ ] SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE (+ _LOCKED variants)
    • add to CapabilitiesSecureBits

Obviously, it depends on linux_raw_sys and libc support for those flags.

rusty-snake, Apr 04 '25 16:04
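The check requested above can be sketched with a raw `execveat` call through libc's `syscall` wrapper. This is an added example, not rustix code and not part of the original issue. The constant values and syscall numbers are taken from the Linux UAPI headers, `ExecCheck`, `classify` and `execve_check` are hypothetical names, and treating `EINVAL`/`ENOSYS` as "kernel too old" is an assumption.

```rust
use std::ffi::{c_char, c_long};
use std::fs::File;
use std::io;
use std::os::fd::AsRawFd;

// Values from the Linux UAPI headers (linux/fcntl.h, asm/unistd.h).
const AT_EMPTY_PATH: c_long = 0x1000;
const AT_EXECVE_CHECK: c_long = 0x10000; // Linux >= 6.13
#[cfg(target_arch = "x86_64")]
const SYS_EXECVEAT: c_long = 322;
#[cfg(target_arch = "aarch64")]
const SYS_EXECVEAT: c_long = 281;
const EACCES: i32 = 13;
const EINVAL: i32 = 22;
const ENOSYS: i32 = 38;

unsafe extern "C" {
    // libc's variadic syscall(2) wrapper; std already links against libc.
    fn syscall(num: c_long, ...) -> c_long;
}

#[derive(Debug, PartialEq)]
pub enum ExecCheck { Allowed, Denied, Unsupported }

/// Map the raw result of execveat(..., AT_EXECVE_CHECK) to a verdict.
pub fn classify(ret: c_long, errno: i32) -> io::Result<ExecCheck> {
    match (ret, errno) {
        (0, _) => Ok(ExecCheck::Allowed),
        (_, EACCES) => Ok(ExecCheck::Denied), // no x bit, noexec mount, LSM denial
        // Assumption: kernels without the flag reject it as an unknown flag.
        (_, EINVAL | ENOSYS) => Ok(ExecCheck::Unsupported),
        (_, e) => Err(io::Error::from_raw_os_error(e)),
    }
}

/// Ask the kernel whether executing `file` would be allowed, without executing it.
pub fn execve_check(file: &File) -> io::Result<ExecCheck> {
    let empty = [0 as c_char]; // "" path, resolved against the fd via AT_EMPTY_PATH
    let argv = [empty.as_ptr(), std::ptr::null()];
    let envp = [std::ptr::null::<c_char>()];
    let (fd, flags) = (file.as_raw_fd() as c_long, AT_EMPTY_PATH | AT_EXECVE_CHECK);
    // SAFETY: every pointer refers to a live, NUL/NULL-terminated local array.
    let ret = unsafe { syscall(SYS_EXECVEAT, fd, empty.as_ptr(), argv.as_ptr(), envp.as_ptr(), flags) };
    classify(ret, io::Error::last_os_error().raw_os_error().unwrap_or(0))
}

fn main() -> io::Result<()> {
    let path = std::env::args().nth(1).unwrap_or_else(|| "/bin/sh".into());
    println!("{path}: {:?}", execve_check(&File::open(&path)?)?);
    Ok(())
}
```

An interpreter that gets `Unsupported` has to decide for itself whether to fall back to its previous behaviour.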

Seems to me like rustix (and linux_raw_sys) has to expose securebits.h, although libc doesn't.

LtdJorge, May 31 '25 23:05

By libc, do you mean the libc crate, or libc (as in libc.so/glibc/musl)?

In the libc crate case, the reason is likely not-yet-implemented.


  • capabilities_secure_bits, set_capabilities_secure_bits, CapabilitiesSecureBits

Can we please rename them and strip the (then/now) misleading capability part?

rusty-snake, Jun 01 '25 07:06

Yes, I meant the libc crate.

LtdJorge, Jun 01 '25 08:06