[Devel] [PATCH RHEL10 COMMIT] selftests/clone3: fix libcap interface usage

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jun 19 14:26:41 MSK 2026


The commit is pushed to "branch-rh10-6.12.0-211.16.1.12.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-211.16.1.12.4.vz10
------>
commit eb356d4702ef3da6b4f176350b1103166bb3acf0
Author: Eva Kurchatova <eva.kurchatova at virtuozzo.com>
Date:   Thu Jun 18 20:43:15 2026 +0300

    selftests/clone3: fix libcap interface usage
    
    The test's set_capability() function needs to set CAP_CHECKPOINT_RESTORE
    (bit 40). But libcap's API (cap_set_flag) didn't support cap 40 when the
    test was written - it was too new. So the author worked around it by
    casting cap_t to an assumed internal layout.
    
    This worked with older libcap versions where cap_t pointed directly to
    that layout. Newer libcap internally restructured its cap_t opaque type.
    
    Since 2.43, libcap natively supports CAP_CHECKPOINT_RESTORE, workaround
    is no longer needed. The fix directly uses the library interface.
    
    Signed-off-by: Eva Kurchatova <eva.kurchatova at virtuozzo.com>
    
    Link: https://patch.msgid.link/20260524163840.34247-2-eva.kurchatova@virtuozzo.com
    Signed-off-by: Christian Brauner (Amutable) <brauner at kernel.org>
    (cherry picked from commit 00429def23a684f19eb1e95083f4579b3ac73810)
    Signed-off-by: Eva Kurchatova <eva.kurchatova at virtuozzo.com>
    
    https://virtuozzo.atlassian.net/browse/VSTOR-132441
    Feature: fix selftests
---
 .../selftests/clone3/clone3_cap_checkpoint_restore.c | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c b/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
index 976e92c259fc6..739e0ee544deb 100644
--- a/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
+++ b/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
@@ -84,15 +84,11 @@ static int test_clone3_set_tid(struct __test_metadata *_metadata,
 	return ret;
 }
 
-struct libcap {
-	struct __user_cap_header_struct hdr;
-	struct __user_cap_data_struct data[2];
-};
-
 static int set_capability(void)
 {
-	cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID };
-	struct libcap *cap;
+	cap_value_t cap_values[] = {
+		CAP_SETUID, CAP_SETGID, CAP_CHECKPOINT_RESTORE
+	};
 	int ret = -1;
 	cap_t caps;
 
@@ -108,14 +104,8 @@ static int set_capability(void)
 		goto out;
 	}
 
-	cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET);
-	cap_set_flag(caps, CAP_PERMITTED, 2, cap_values, CAP_SET);
-
-	cap = (struct libcap *) caps;
-
-	/* 40 -> CAP_CHECKPOINT_RESTORE */
-	cap->data[1].effective |= 1 << (40 - 32);
-	cap->data[1].permitted |= 1 << (40 - 32);
+	cap_set_flag(caps, CAP_EFFECTIVE, 3, cap_values, CAP_SET);
+	cap_set_flag(caps, CAP_PERMITTED, 3, cap_values, CAP_SET);
 
 	if (cap_set_proc(caps)) {
 		perror("cap_set_proc");


More information about the Devel mailing list