Date:      Fri, 12 Jun 2026 20:59:02 +0300
From:      Oleg Nauman <oleg.nauman@gmail.com>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: "CAP system call not allowed" for linux apllications
Message-ID:  <CAC5YPTsaxceqYF2MejgByyok-urEjX9qk4=pJaajtOMp5wy-Sg@mail.gmail.com>
In-Reply-To: <aikgj3A7b7KEkGzV@kib.kiev.ua>
References:  <CAC5YPTuCsHK46PA=Bhzjs=jSNRXe_eKAMy%2BuuZH0R6Wejzxg7w@mail.gmail.com> <aikgj3A7b7KEkGzV@kib.kiev.ua>


Well, it looks like the next update (currently it is HEAD at
1f68ca5802db) has fixed this issue.

Thank you

On Wed, Jun 10, 2026 at 11:31 AM Konstantin Belousov
<kostikbel@gmail.com> wrote:
>
> On Wed, Jun 10, 2026 at 09:19:14AM +0300, Oleg Nauman wrote:
> >  I have updated my CURRENT amd64 to c3d8aca1d43e and discovered that
> > linux applications fail to run.
> > It seems the failure reason is capsicum that blocks execution of linux
> > syscalls, for example from ktrace/kdump output:
> >
> >  CALL  linux_socket(0x1,0x80001,0)
> >  CAP   system call not allowed: linux_clock_gettime
> >  CAP   system call not allowed: linux_socket
> >  RET   linux_socket 8
> >  CALL linux_clock_gettime 0
> >  CALL  linux_connect(0x8,0x7fffffffb450,0x14)
> >  CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829310)
> >  CAP   system call not allowed: linux_connect
> >  CAP   system call not allowed: linux_clock_gettime
> >  NAMI  ""
> >  RET   linux_connect -1 errno -88 Socket operation on non-socket
> >  RET   linux_clock_gettime 0
> >  CALL  close(0x8)
> >  CALL  linux_poll(0x8280054d0,0x2,0x6221)
> >  CAP   system call not allowed: linux_poll
> >  CAP   system call not allowed: close
> >  RET   close 0
> >  RET   linux_poll 1
> >  CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829300)
> >  CAP   system call not allowed: linux_clock_gettime
> >  CALL  linux_write(0x2,0x7fffffff92d0,0x2c)
> >  CAP   system call not allowed: linux_write
> >  RET   linux_clock_gettime 0
> >  GIO   fd 2 wrote 44 bytes
> >        "qt.qpa.xcb: could not connect to display :0
> >        "
> I cannot reproduce it, for me HEAD just worked.
>
> The trace above is also strange, if you look, the syscalls report
> successful results, it looks like the 'CAP' records intervene out
> of thin air.
>
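
An added example, not part of the original thread: a small Python script that tallies the kdump records quoted above and lists the syscalls that carry a `CAP` record yet still show a successful `RET`, which is the pattern the reply points out. The sample lines are copied from the quoted trace; the function names are hypothetical, and the parser assumes the `CAP`/`RET` record layout shown in the thread.

```python
import re
from collections import Counter

# Lines copied from the kdump output quoted in the thread.
SAMPLE = '''
 CALL  linux_socket(0x1,0x80001,0)
 CAP   system call not allowed: linux_clock_gettime
 CAP   system call not allowed: linux_socket
 RET   linux_socket 8
 CALL linux_clock_gettime 0
 CALL  linux_connect(0x8,0x7fffffffb450,0x14)
 CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829310)
 CAP   system call not allowed: linux_connect
 CAP   system call not allowed: linux_clock_gettime
 NAMI  ""
 RET   linux_connect -1 errno -88 Socket operation on non-socket
 RET   linux_clock_gettime 0
 CALL  close(0x8)
 CALL  linux_poll(0x8280054d0,0x2,0x6221)
 CAP   system call not allowed: linux_poll
 CAP   system call not allowed: close
 RET   close 0
 RET   linux_poll 1
'''

# search() rather than match(), so lines that still carry kdump's
# leading pid/command columns are accepted as well.
CAP_RE = re.compile(r"\bCAP\s+system call not allowed: (\S+)")
RET_RE = re.compile(r"\bRET\s+(\S+)\s+(-?\w+)(?:\s+errno\s+(-?\d+))?")

def summarize(text):
    """Return {syscall: Counter(cap=..., ok=..., failed=...)}."""
    stats = {}
    for line in text.splitlines():
        m = CAP_RE.search(line)
        if m:
            stats.setdefault(m.group(1), Counter())["cap"] += 1
            continue
        m = RET_RE.search(line)
        if m:
            # A RET record with an "errno N" part is a failed call.
            key = "failed" if m.group(3) is not None else "ok"
            stats.setdefault(m.group(1), Counter())[key] += 1
    return stats

def flagged_but_succeeded(text):
    """Syscalls with a CAP record and at least one successful RET."""
    return sorted(n for n, c in summarize(text).items() if c["cap"] and c["ok"])
```
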

