linux: update securebits API for Linux 6.14

Linux 6.14 added two flags to SECURE_ALL_BITS, namely
SECURE_EXEC_RESTRICT_FILE and SECURE_EXEC_DENY_INTERACTIVE.

Author: neuschaefer

libc-test/semver/linux.txt

@@ -2776,6 +2776,10 @@ SCTP_STATUS
 SCTP_STREAM_RESET_INCOMING
 SCTP_STREAM_RESET_OUTGOING
 SCTP_UNORDERED
+SECBIT_EXEC_DENY_INTERACTIVE
+SECBIT_EXEC_DENY_INTERACTIVE_LOCKED
+SECBIT_EXEC_RESTRICT_FILE
+SECBIT_EXEC_RESTRICT_FILE_LOCKED
 SECBIT_KEEP_CAPS
 SECBIT_KEEP_CAPS_LOCKED
 SECBIT_NOROOT

src/unix/linux_like/linux/mod.rs

@@ -4750,9 +4750,24 @@ pub const SECBIT_NO_CAP_AMBIENT_RAISE: c_int = issecure_mask(SECURE_NO_CAP_AMBIE
 pub const SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED: c_int =
     issecure_mask(SECURE_NO_CAP_AMBIENT_RAISE_LOCKED);
 
+const SECURE_EXEC_RESTRICT_FILE: c_int = 8;
+const SECURE_EXEC_RESTRICT_FILE_LOCKED: c_int = 9;
+
+pub const SECBIT_EXEC_RESTRICT_FILE: c_int = issecure_mask(SECURE_EXEC_RESTRICT_FILE);
+pub const SECBIT_EXEC_RESTRICT_FILE_LOCKED: c_int =
+    issecure_mask(SECURE_EXEC_RESTRICT_FILE_LOCKED);
+
+const SECURE_EXEC_DENY_INTERACTIVE: c_int = 10;
+const SECURE_EXEC_DENY_INTERACTIVE_LOCKED: c_int = 11;
+
+pub const SECBIT_EXEC_DENY_INTERACTIVE: c_int = issecure_mask(SECURE_EXEC_DENY_INTERACTIVE);
+pub const SECBIT_EXEC_DENY_INTERACTIVE_LOCKED: c_int =
+    issecure_mask(SECURE_EXEC_DENY_INTERACTIVE_LOCKED);
+
 pub const SECUREBITS_DEFAULT: c_int = 0x00000000;
 pub const SECURE_ALL_BITS: c_int =
-    SECBIT_NOROOT | SECBIT_NO_SETUID_FIXUP | SECBIT_KEEP_CAPS | SECBIT_NO_CAP_AMBIENT_RAISE;
+    SECBIT_NOROOT | SECBIT_NO_SETUID_FIXUP | SECBIT_KEEP_CAPS | SECBIT_NO_CAP_AMBIENT_RAISE |
+    SECBIT_EXEC_RESTRICT_FILE | SECBIT_EXEC_DENY_INTERACTIVE;
 pub const SECURE_ALL_LOCKS: c_int = SECURE_ALL_BITS << 1;
 
 const fn issecure_mask(x: c_int) -> c_int {