"CAP system call not allowed" for linux apllications

Reply: Konstantin Belousov : "Re: "CAP system call not allowed" for linux apllications"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Oleg Nauman <oleg.nauman_at_gmail.com>
Date: Wed, 10 Jun 2026 06:19:14 UTC

 I have updated my CURRENT amd64 to c3d8aca1d43e and discovered that
linux applications fail to run .
It seems the failure reason is capsicum that blocks execution of linux
syscalls, for example from ktrace/kdump output:

 CALL  linux_socket(0x1,0x80001,0)
 CAP   system call not allowed: linux_clock_gettime
 CAP   system call not allowed: linux_socket
 RET   linux_socket 8
 CALL linux_clock_gettime 0
 CALL  linux_connect(0x8,0x7fffffffb450,0x14)
 CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829310)
 CAP   system call not allowed: linux_connect
 CAP   system call not allowed: linux_clock_gettime
 NAMI  ""
 RET   linux_connect -1 errno -88 Socket operation on non-socket
 RET   linux_clock_gettime 0
 CALL  close(0x8)
 CALL  linux_poll(0x8280054d0,0x2,0x6221)
 CAP   system call not allowed: linux_poll
 CAP   system call not allowed: close
 RET   close 0
 RET   linux_poll 1
 CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829300)
 CAP   system call not allowed: linux_clock_gettime
 CALL  linux_write(0x2,0x7fffffff92d0,0x2c)
 CAP   system call not allowed: linux_write
 RET   linux_clock_gettime 0
 GIO   fd 2 wrote 44 bytes
       "qt.qpa.xcb: could not connect to display :0
       "