From 18f97d01fc40cb27633c681d3482ef173f0d0658 Mon Sep 17 00:00:00 2001 From: Ruihan Li Date: Wed, 4 Feb 2026 23:52:06 +0800 Subject: [PATCH] Replace warnings with explanation --- kernel/src/process/credentials/secure_bits.rs | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/kernel/src/process/credentials/secure_bits.rs b/kernel/src/process/credentials/secure_bits.rs index f4c46b373..2f7136026 100644 --- a/kernel/src/process/credentials/secure_bits.rs +++ b/kernel/src/process/credentials/secure_bits.rs @@ -55,6 +55,13 @@ impl SecureBits { Self::from_bits_truncate((self.bits & Self::LOCK_MASK) >> 1) } + // Currently, we never grant capabilities when executing a new program, even when switching to + // root. Therefore, this flag is not used. + #[expect(dead_code)] + pub(super) fn no_root(&self) -> bool { + self.contains(SecureBits::NOROOT) + } + pub(super) fn keep_capabilities(&self) -> bool { self.contains(SecureBits::KEEP_CAPS) } @@ -62,6 +69,13 @@ impl SecureBits { pub(super) fn no_setuid_fixup(&self) -> bool { self.contains(SecureBits::NO_SETUID_FIXUP) } + + // Currently, ambient capabilities and the PR_CAP_AMBIENT_RAISE operation are not supported. + // Therefore, this flag is not used. + #[expect(dead_code)] + pub(super) fn no_cap_ambient_raise(&self) -> bool { + self.contains(SecureBits::NO_CAP_AMBIENT_RAISE) + } } impl TryFrom for SecureBits { @@ -72,20 +86,6 @@ impl TryFrom for SecureBits { return_errno_with_message!(Errno::EINVAL, "the bits are not valid secure bits"); } - #[cfg(debug_assertions)] - { - // Warn about unsupported bits in debug builds. - const DUMMY_IMPL_BITS: u16 = - SecureBits::NOROOT.bits() | SecureBits::NO_CAP_AMBIENT_RAISE.bits(); - let dummy_bits = value & DUMMY_IMPL_BITS; - if dummy_bits != 0 { - warn!( - "Some SecureBits flags are unsupported currently: {:?}.", - SecureBits::from_bits_truncate(dummy_bits) - ); - } - } - Ok(SecureBits { bits: value }) } }