Unable to create containers with CAP_PERFMON/CAP_BPF/CAP_CHECKPOINT_RESTORE

[tallossos]

Hello,
When I'm trying to start a new container with added capability of perfmon/bpf/checkpoint_restore I'm getting an "unknown capability" error even tho it says in the docker 20.10 release notes that it should be supported.

Steps to reproduce the issue:
docker run --rm --cap-add perfmon nginx bash

The output:
docker: Error response from daemon: invalid CapAdd: unknown capability: "CAP_PERFMON".

Running on: Linux ubuntu 5.11.0, Ubuntu 20.10

docker version:

Client: Docker Engine - Community
 Version:           20.10.4
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        d3cb89e
 Built:             Thu Feb 25 07:05:39 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       b0f5bc3
  Built:            Wed Jun  2 11:54:53 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.6
  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version:          1.0.0-rc95
  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Thanks!

[thaJeztah]

Ah, hmm.. yes, that patch had to be reverted, because runc didn't support it yet (see #41562 and #41563), but for some reason that change didn't make it into the changelog.

There's a pull request to re-enable those (now that runc supports them); #42011 but it's not merged yet