kerndat: Skip clone3(set_tid) when unprivileged.

clone3(set_tid) requires CAP_CHECKPOINT_RESTORE we might not have. Pretend it's not available instead of failing restore later when running unprivileged. Signed-off-by: Michał Mirosław <[email protected]>
checkpoint-restore · Aug 29, 2023 · b74e9a1 · b74e9a1
1 parent 6d0e785
commit b74e9a1
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/criu/kerndat.c b/criu/kerndat.c
@@ -1399,12 +1399,20 @@ static bool kerndat_has_clone3_set_tid(void)
 	pid_t pid;
 	struct _clone_args args = {};
 
+	kdat.has_clone3_set_tid = false;
+
+	/*
+	 * Fall back to old `ns_last_pid` method if we lack privileges for
+	 * clone3() with `set_tid`.
+	 */
+	if (opts.unprivileged && !has_cap_checkpoint_restore(opts.cap_eff))
+		return 0;
+
 #if defined(CONFIG_MIPS)
 	/*
 	 * Currently the CRIU PIE assembler clone3() wrapper is
 	 * not implemented for MIPS.
 	 */
-	kdat.has_clone3_set_tid = false;
 	return 0;
 #endif