lxc/caps: fix open /proc/sys/kernel/cap_last_cap

Since 7418b27f1 ("tree-wide: use __u32 for capabilities") open
/proc/sys/kernel/cap_last_cap never worked, it was failing with
EXDEV and we were using a fallback codepath to get a last cap.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 273cf08f57a51ff636c78d47455ecee4d8ae5930..206488ff434f56a2f18c5cb605e34f0222638db4 100644 (file)
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -224,7 +224,7 @@ static int __caps_last_cap(__u32 *cap)
        fd = open_at(-EBADF,
                     "/proc/sys/kernel/cap_last_cap",
                     PROTECT_OPEN,
-                    PROTECT_LOOKUP_ABSOLUTE,
+                    PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV,
                     0);
        if (fd >= 0) {
                ssize_t ret;