kerndat: Skip clone3(set_tid) when unprivileged.

clone3(set_tid) requires CAP_CHECKPOINT_RESTORE we might not have. Pretend it's not available instead of failing restore later when running unprivileged. Signed-off-by: Michał Mirosław <[email protected]>
checkpoint-restore · Aug 28, 2023 · 6a97988 · 6a97988
1 parent a04fac5
commit 6a97988
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/criu/kerndat.c b/criu/kerndat.c
@@ -1398,12 +1398,15 @@ static bool kerndat_has_clone3_set_tid(void)
 	pid_t pid;
 	struct _clone_args args = {};
 
+	kdat.has_clone3_set_tid = false;
+	if (opts.unprivileged && !has_cap_checkpoint_restore(opts.cap_eff))
+		return 0;
+
 #if defined(CONFIG_MIPS)
 	/*
 	 * Currently the CRIU PIE assembler clone3() wrapper is
 	 * not implemented for MIPS.
 	 */
-	kdat.has_clone3_set_tid = false;
 	return 0;
 #endif