From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Date: Wed, 2 Apr 2025 09:01:15 +0000 (+0200)
Subject: lxc/caps: fix open /proc/sys/kernel/cap_last_cap
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4533%2Fhead;p=thirdparty%2Flxc.git

lxc/caps: fix open /proc/sys/kernel/cap_last_cap

Since 7418b27f1 ("tree-wide: use __u32 for capabilities") open
/proc/sys/kernel/cap_last_cap never worked, it was failing with
EXDEV and we were using a fallback codepath to get a last cap.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 273cf08f5..206488ff4 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -224,7 +224,7 @@ static int __caps_last_cap(__u32 *cap)
 	fd = open_at(-EBADF,
 		     "/proc/sys/kernel/cap_last_cap",
 		     PROTECT_OPEN,
-		     PROTECT_LOOKUP_ABSOLUTE,
+		     PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV,
 		     0);
 	if (fd >= 0) {
 		ssize_t ret;