Replace warnings with explanation

2026-02-04 23:52:06 +08:00 · 2026-02-04 23:52:06 +08:00 · 18f97d01fc
parent dd25a8ad62
commit 18f97d01fc
1 changed files with 14 additions and 14 deletions
--- a/kernel/src/process/credentials/secure_bits.rs
+++ b/kernel/src/process/credentials/secure_bits.rs
@ -55,6 +55,13 @@ impl SecureBits {
        Self::from_bits_truncate((self.bits & Self::LOCK_MASK) >> 1)
    }

+    // Currently, we never grant capabilities when executing a new program, even when switching to
+    // root. Therefore, this flag is not used.
+    #[expect(dead_code)]
+    pub(super) fn no_root(&self) -> bool {
+        self.contains(SecureBits::NOROOT)
+    }
+
    pub(super) fn keep_capabilities(&self) -> bool {
        self.contains(SecureBits::KEEP_CAPS)
    }
@ -62,6 +69,13 @@ impl SecureBits {
    pub(super) fn no_setuid_fixup(&self) -> bool {
        self.contains(SecureBits::NO_SETUID_FIXUP)
    }
+
+    // Currently, ambient capabilities and the PR_CAP_AMBIENT_RAISE operation are not supported.
+    // Therefore, this flag is not used.
+    #[expect(dead_code)]
+    pub(super) fn no_cap_ambient_raise(&self) -> bool {
+        self.contains(SecureBits::NO_CAP_AMBIENT_RAISE)
+    }
 }

 impl TryFrom<u16> for SecureBits {
@ -72,20 +86,6 @@ impl TryFrom<u16> for SecureBits {
            return_errno_with_message!(Errno::EINVAL, "the bits are not valid secure bits");
        }

-        #[cfg(debug_assertions)]
-        {
-            // Warn about unsupported bits in debug builds.
-            const DUMMY_IMPL_BITS: u16 =
-                SecureBits::NOROOT.bits() | SecureBits::NO_CAP_AMBIENT_RAISE.bits();
-            let dummy_bits = value & DUMMY_IMPL_BITS;
-            if dummy_bits != 0 {
-                warn!(
-                    "Some SecureBits flags are unsupported currently: {:?}.",
-                    SecureBits::from_bits_truncate(dummy_bits)
-                );
-            }
-        }
-
        Ok(SecureBits { bits: value })
    }
 }