  1. RHEL
  2. RHEL-1839

Package needs to be recompiled to list capability 40 properly


    • Bug
    • Resolution: Won't Do
    • Normal
    • rhel-9.4
    • libcap-ng
    • Moderate
    • rhel-security-special-projects
    • ssg_security

      Description of problem:

      "setpriv --list-caps" relies on the libcap-ng library to print the mapping between the capability number and the human-readable string, e.g.:
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      # /usr/bin/setpriv --list-caps
        chown
        dac_override
        dac_read_search
        :
        perfmon
        bpf
        cap_40
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      On RHEL8.5+, the last capability is displayed as "cap_40" instead of "checkpoint_restore" because the static table "captab" doesn't contain the entry:
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      # gdb --args /usr/bin/setpriv --list-caps
      [...]
      (gdb) break capng_lookup_number
      (gdb) run

      (gdb) p captab
      $4 = {{value = 0, offset = 0}, {value = 1, offset = 6}, {value = 2, offset = 19}, {value = 3, offset = 35},
      {value = 4, offset = 42}, {value = 5, offset = 49}, {value = 6, offset = 54}, {value = 7, offset = 61},
      {value = 8, offset = 68}, {value = 9, offset = 76}, {value = 10, offset = 92}, {value = 11, offset = 109},
      {value = 12, offset = 123}, {value = 13, offset = 133}, {value = 14, offset = 141}, {value = 15, offset = 150},
      {value = 16, offset = 160}, {value = 17, offset = 171}, {value = 18, offset = 181}, {value = 19, offset = 192},
      {value = 20, offset = 203}, {value = 21, offset = 213}, {value = 22, offset = 223}, {value = 23, offset = 232},
      {value = 24, offset = 241}, {value = 25, offset = 254}, {value = 26, offset = 263}, {value = 27, offset = 278},
      {value = 28, offset = 284}, {value = 29, offset = 290}, {value = 30, offset = 302}, {value = 31, offset = 316},
      {value = 32, offset = 324}, {value = 33, offset = 337}, {value = 34, offset = 347}, {value = 35, offset = 354},
      {value = 36, offset = 365}, {value = 37, offset = 379}, {value = 38, offset = 390}, {value = 39, offset = 398}}
      (gdb) p captab_msgstr
      $5 = {{str23 = "chown", str24 = "dac_override", str25 = "dac_read_search", str26 = "fowner", str27 = "fsetid",
      str28 = "kill", str29 = "setgid", str30 = "setuid", str31 = "setpcap", str32 = "linux_immutable",
      str33 = "net_bind_service", str34 = "net_broadcast", str35 = "net_admin", str36 = "net_raw", str37 = "ipc_lock",
      str38 = "ipc_owner", str39 = "sys_module", str40 = "sys_rawio", str41 = "sys_chroot", str42 = "sys_ptrace",
      str43 = "sys_pacct", str44 = "sys_admin", str45 = "sys_boot", str46 = "sys_nice", str47 = "sys_resource",
      str48 = "sys_time", str49 = "sys_tty_config", str50 = "mknod", str51 = "lease", str52 = "audit_write",
      str53 = "audit_control", str55 = "setfcap", str58 = "mac_override", str61 = "mac_admin", str64 = "syslog",
      str67 = "wake_alarm", str76 = "block_suspend", str79 = "audit_read", str82 = "perfmon", str85 = "bpf"},
      str = 0x7ffff7bccb80 <captab_msgstr> "chown"}
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      Here above we can see it doesn't know capability 40 at all.

      The reason for this is having built the library in an environment installed with kernel-headers-4.18.0-310.el8.x86_64, which didn't have CAP_CHECKPOINT_RESTORE:
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      # rpm2cpio ../kernel-headers-4.18.0-310.el8.x86_64.rpm | cpio -icdmu
      10493 blocks
      # grep -B 4 CAP_LAST_CAP usr/include/linux/capability.h
       * CAP_NET_ADMIN and CAP_BPF are required to load networking programs.
       */
      #define CAP_BPF 39

      #define CAP_LAST_CAP CAP_BPF

      #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      Building locally on my test system running RHEL8.6 shows the capability being present, which confirms the root cause.

      Please rebuild the library ASAP.

      Version-Release number of selected component (if applicable):

      libcap-ng-0.7.11-1.el8.x86_64
      kernel-4.18.0-348.el8 and later

      How reproducible:

      Always, see above.
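
The symptom reported above can be checked for on any host by comparing the capability listing with the kernel's own limit in /proc/sys/kernel/cap_last_cap. The following is an added example, not part of the original report nor code from libcap-ng or util-linux; the function names and the `--live` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect capabilities that the running kernel defines but the
# library's build-time name table cannot name (shown as "cap_NN").

# find_unnamed_caps: read a capability listing on stdin (one entry per line,
# the format printed by "setpriv --list-caps") and print every entry that is
# only a numeric placeholder such as "cap_40".
find_unnamed_caps() {
    tr -d ' \t' | grep -E '^cap_[0-9]+$' || true
}

# check_cap_names LISTING KERNEL_LAST_CAP
# Returns 0 when the listing covers capabilities 0..KERNEL_LAST_CAP and every
# entry has a real name; returns 1 and prints the reason otherwise.
check_cap_names() {
    listing=$1
    kernel_last=$2
    expected=$((kernel_last + 1))
    count=$(printf '%s\n' "$listing" | grep -c '[^[:space:]]' || true)
    unnamed=$(printf '%s\n' "$listing" | find_unnamed_caps)
    status=0
    if [ "$count" -ne "$expected" ]; then
        echo "listing has $count entries, kernel defines $expected"
        status=1
    fi
    if [ -n "$unnamed" ]; then
        # Unquoted on purpose: joins the placeholder names onto one line.
        echo "no name in library table for:" $unnamed
        status=1
    fi
    return $status
}

# Live check, guarded so the functions can be sourced without side effects.
if [ "${1:-}" = "--live" ]; then
    check_cap_names "$(setpriv --list-caps)" "$(cat /proc/sys/kernel/cap_last_cap)"
fi
```

Run with `--live` on the host under test; a non-zero exit status means the library was built against headers older than the running kernel.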

              ansasaki@redhat.com Anderson Sasaki (Inactive)
              rhn-support-rmetrich Renaud Métrich