From 3c6ea300b5c087ab5987f7c5b97f139c91216810 Mon Sep 17 00:00:00 2001
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Date: Wed, 2 Apr 2025 11:01:15 +0200
Subject: [PATCH] lxc/caps: fix open /proc/sys/kernel/cap_last_cap

Since 7418b27f1 ("tree-wide: use __u32 for capabilities") open
/proc/sys/kernel/cap_last_cap never worked, it was failing with
EXDEV and we were using a fallback codepath to get a last cap.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
 src/lxc/caps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 273cf08f5..206488ff4 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -224,7 +224,7 @@ static int __caps_last_cap(__u32 *cap)
 	fd = open_at(-EBADF,
 		     "/proc/sys/kernel/cap_last_cap",
 		     PROTECT_OPEN,
-		     PROTECT_LOOKUP_ABSOLUTE,
+		     PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV,
 		     0);
 	if (fd >= 0) {
 		ssize_t ret;
-- 
2.47.2