[Devel] [PATCH vz10] selftests/clone3: fix libcap interface usage

Konstantin Khorenko khorenko at virtuozzo.com
Mon May 18 12:21:39 MSK 2026 

Pasha, please review this commit.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 5/17/26 22:00, Eva Kurchatova wrote:
> The test's set_capability() function needs to set CAP_CHECKPOINT_RESTORE
> (bit 40). But libcap's API (cap_set_flag) didn't support cap 40 when the
> test was written - it was too new. So the author worked around it by
> casting cap_t to an assumed internal layout.
> 
> This worked with older libcap versions where cap_t pointed directly to
> that layout. Newer libcap internally restructured its cap_t opaque type.
> 
> Since 2.43, libcap natively supports CAP_CHECKPOINT_RESTORE, workaround
> is no longer needed. The fix directly uses the library interface.
> 
> Signed-off-by: Eva Kurchatova <eva.kurchatova at virtuozzo.com>
> 
> https://virtuozzo.atlassian.net/browse/VSTOR-130940
> Feature: Fix kselftests
> ---
>   .../clone3/clone3_cap_checkpoint_restore.c    | 20 +++++--------------
>   1 file changed, 5 insertions(+), 15 deletions(-)
> 
> diff --git a/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c b/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
> index 976e92c259fc..739e0ee544de 100644
> --- a/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
> +++ b/tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c
> @@ -84,15 +84,11 @@ static int test_clone3_set_tid(struct __test_metadata *_metadata,
>   	return ret;
>   }
>   
> -struct libcap {
> -	struct __user_cap_header_struct hdr;
> -	struct __user_cap_data_struct data[2];
> -};
> -
>   static int set_capability(void)
>   {
> -	cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID };
> -	struct libcap *cap;
> +	cap_value_t cap_values[] = {
> +		CAP_SETUID, CAP_SETGID, CAP_CHECKPOINT_RESTORE
> +	};
>   	int ret = -1;
>   	cap_t caps;
>   
> @@ -108,14 +104,8 @@ static int set_capability(void)
>   		goto out;
>   	}
>   
> -	cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET);
> -	cap_set_flag(caps, CAP_PERMITTED, 2, cap_values, CAP_SET);
> -
> -	cap = (struct libcap *) caps;
> -
> -	/* 40 -> CAP_CHECKPOINT_RESTORE */
> -	cap->data[1].effective |= 1 << (40 - 32);
> -	cap->data[1].permitted |= 1 << (40 - 32);
> +	cap_set_flag(caps, CAP_EFFECTIVE, 3, cap_values, CAP_SET);
> +	cap_set_flag(caps, CAP_PERMITTED, 3, cap_values, CAP_SET);
>   
>   	if (cap_set_proc(caps)) {
>   		perror("cap_set_proc");

More information about the Devel mailing list