In WT-11297 and WT-11499, it was shown that the call to checkpoint only the metadata file caused failures. The reason (most likely as I didn't pursue the failures to the details) is that checkpointing only the metadata file causes it to store all of the current system, checkpoint and timestamp information which is out of sync from the other tables.

If checkpointing only the metadata file as a single file via a call similar to this (from {{cursor/cur_backup.c prior to WT-11297 merge) is not allowed, then it should be forbidden with an error:

        WT_WITH_DHANDLE(session, WT_SESSION_META_DHANDLE(session),
          WT_WITH_METADATA_LOCK(session,
            WT_WITH_TXN_ISOLATION(
              session, WT_ISO_READ_COMMITTED, ret = __wt_checkpoint(session, cfg))));

I don't know if that call should always be disallowed, or only when timestamps are in use, or whatever. But it should get an error if it can lead to failures or data loss.