diff --color -ruN a/distcheck.sh b/distcheck.sh

--- a/distcheck.sh	1970-01-01 01:00:00.000000000 +0100

+++ b/distcheck.sh	2021-06-10 10:06:19.618284780 +0200

@@ -0,0 +1,13 @@

+#!/bin/bash

+

+actual=$(wget -o/dev/null -O/dev/stdout https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/include/uapi/linux/capability.h | grep "#define.CAP_LAST_CAP"|awk '{print $3}')

+working=$(grep "#define.CAP_LAST_CAP" libcap/include/uapi/linux/capability.h|awk '{print $3}')

+

+if [[ ${actual} = ${working} ]]; then

+    echo "up to date with officially named caps"

+    exit 0

+fi

+

+echo "want: ${actual}"

+echo "have: ${working}"

+exit 1

diff --color -ruN a/libcap/include/uapi/linux/capability.h b/libcap/include/uapi/linux/capability.h

--- a/libcap/include/uapi/linux/capability.h	2018-09-09 20:06:40.000000000 +0200

+++ b/libcap/include/uapi/linux/capability.h	2021-06-10 10:05:19.729202015 +0200

@@ -331,6 +331,8 @@

 #define CAP_AUDIT_CONTROL    30

+/* Set capabilities on files. */

+

 #define CAP_SETFCAP	     31

 /* Override MAC access.

@@ -366,8 +368,50 @@

 #define CAP_AUDIT_READ       37

+/* Allow system performance and observability privileged operations using

+ * perf_events, i915_perf and other kernel subsystems. */

+

+#define CAP_PERFMON      38

+

+/*

+ * CAP_BPF allows the following BPF operations:

+ * - Creating all types of BPF maps

+ * - Advanced verifier features

+ *   - Indirect variable access

+ *   - Bounded loops

+ *   - BPF to BPF function calls

+ *   - Scalar precision tracking

+ *   - Larger complexity limits

+ *   - Dead code elimination

+ *   - And potentially other features

+ * - Loading BPF Type Format (BTF) data

+ * - Retrieve xlated and JITed code of BPF programs

+ * - Use bpf_spin_lock() helper

+ *

+ * CAP_PERFMON relaxes the verifier checks further:

+ * - BPF progs can use of pointer-to-integer conversions

+ * - speculation attack hardening measures are bypassed

+ * - bpf_probe_read to read arbitrary kernel memory is allowed

+ * - bpf_trace_printk to print kernel memory is allowed

+ *

+ * CAP_SYS_ADMIN is required to use bpf_probe_write_user.

+ *

+ * CAP_SYS_ADMIN is required to iterate system wide loaded

+ * programs, maps, links, BTFs and convert their IDs to file descriptors.

+ *

+ * CAP_PERFMON and CAP_BPF are required to load tracing programs.

+ * CAP_NET_ADMIN and CAP_BPF are required to load networking programs.

+ */

+

+#define CAP_BPF          39

+

+/* Allow checkpoint/restore related operations */

+/* Allow PID selection during clone3() */

+/* Allow writing to ns_last_pid */

+

+#define CAP_CHECKPOINT_RESTORE 40

-#define CAP_LAST_CAP         CAP_AUDIT_READ

+#define CAP_LAST_CAP         CAP_CHECKPOINT_RESTORE

 #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)

diff --color -ruN a/Makefile b/Makefile

--- a/Makefile	2018-09-15 23:51:38.000000000 +0200

+++ b/Makefile	2021-06-10 10:07:30.872573023 +0200

@@ -33,7 +33,10 @@

 test: all

 	cd progs && sudo ./quicktest.sh

-morganrelease: distclean

+distcheck:

+	./distcheck.sh

+

+morganrelease: distclean distcheck

 	@echo "sign the tag twice: older DSA key; and newer RSA kernel.org key"

 	git tag -u D41A6DF2 -s libcap-$(VERSION).$(MINOR) -m "This is libcap-$(VERSION).$(MINOR)"

 	git tag -u E2CCF3F4 -s libcap-korg-$(VERSION).$(MINOR) -m "This is libcap-$(VERSION).$(MINOR)"