From nobody Wed Jun 10 06:19:14 2026 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZwbq0rbSz6h9Fv for ; Wed, 10 Jun 2026 06:19:35 +0000 (UTC) (envelope-from oleg.nauman@gmail.com) Received: from mail-qv1-xf31.google.com (mail-qv1-xf31.google.com [IPv6:2607:f8b0:4864:20::f31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZwbp3HqQz3Gw1 for ; Wed, 10 Jun 2026 06:19:34 +0000 (UTC) (envelope-from oleg.nauman@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20251104 header.b=YTN4aP50; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of oleg.nauman@gmail.com designates 2607:f8b0:4864:20::f31 as permitted sender) smtp.mailfrom=oleg.nauman@gmail.com; arc=pass ("google.com:s=arc-20240605:i=1") Received: by mail-qv1-xf31.google.com with SMTP id 6a1803df08f44-8ccf887de87so73422686d6.0 for ; Tue, 09 Jun 2026 23:19:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1781072367; cv=none; d=google.com; s=arc-20240605; b=H6rdESuhr6GmiXiZ9kyzKXeltG6KFiIetti4nVz9AjyD89RbFfaXVrJzKi7wGVCmHo az927ed8msuzIA0ajh0KBpa38yPri7VJne35wMaQUBaIbydNiKzy1lPlnUzRmYpvT+vE nVuGgR89EUq444k1kkf+eVc9pod0r49igsfgDY5sSvcYlcdqiXCvxmkjGtjxuQSR64BT 6JuLg5ci89fqou3xgrknRDL5x8BOPIBCZy7GQ0LaawNp+hY7i6LpPFDjVN+NzMwnzYnz EpG+wxWLNI88bA03WsIdw5Y3/QV0N7ytwFFNXQVvsYZTJq6wbsZM3xYnYrpE1Nsv2n+x ZKGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=XfPOX2OPvGsvBWOZG2qixbUn4V1vMWGF28UngpoV+/Y=; fh=wH+ulgyZPcfNhi4Qc2YlbSS8lysP8fbtOI+7NqZnraw=; b=DNF3Ae9jV+M3/jYNVueye7b8QeSnhW9+5aExjZWWmmxMnYcWH52bP5gBgKOmxY3Kgn HB+d/OVpcUuprF5ibfqj2Vy3l5wpwNQib9QQqEPZXGADQ90WqvsczmX+9WsJBWLk+ylK 1WpfuZVnaln0LC4Tq+auWCMniQvHsHtnd7THCg2HYqu+UQBDORE/bzXNLmnoOnIYpA+c GyIHMZXokrgNfTwMipNUWN3fdX6bI+sS1sr6clp0lyAu6v+0LLDWe/EKFwvuZvF9eKU+ Qc08/SCgGZYdsAQhvb1KMq0kAotPWJCTZ82ekvpfUdJP/M2XH37f+MbfMIAPFGPqIVe/ oV3w==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781072367; x=1781677167; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=XfPOX2OPvGsvBWOZG2qixbUn4V1vMWGF28UngpoV+/Y=; b=YTN4aP50R4kKbCTNCV2pIRNmaucovr8XyQsBhOaz3uxjre/9TYjrUDRjI//oQyC9xu Wm9119ZoJP1pm2Dnx20JX+ejzqCkmr6q6pnCSuVd52YZmsitCuXV/wfC3Ox61inn5zio E1vZsq1j61BRa4zRfcB+Erw/8Qf0WMOfsWvH93D/SYXJHoqWZMyb4yPIh+QVZaOXOvlT IwVIbDTV630DQpyfGNjdBrtakHlccdjYEMY7lLoVESsH+z8W8Y6TbsAAReg/Atg9ayRi jPEv6vkQUNB9vGk1jx7jMr8GFnZryP2Acq91ujSyX7IP7KXN1Rn/IC3NrcCWRjxqPACB 3o/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781072367; x=1781677167; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XfPOX2OPvGsvBWOZG2qixbUn4V1vMWGF28UngpoV+/Y=; b=OWFqYmHPqr00KOyQPYmAdT64gxmX1Ez5/5SpBlRVp3Dx6cbcuBgVqI0z65KhssTOJr mT3j8M3dtlH+dicDWazSQMVhCxK76hmjvjwv7zFLyEQrIx+WOir2lQr9SRkLXv/DL2b4 690Fqe+M0LuERF8wKmMH8/XZJRuUzRvqGucoKJlOXmGsrXZBiSElNoEyAu0HsqaZQqX2 Cqh2+2ZTuadXArmNleCwkhTspEKAvUdy8bdwtAvCkKlHvR5TtEFAmZL2ES37gBcaCbW9 6wcUF7dhS4Tvn2oBj8eRCGvAHe61oHeSCq0IP2xDVFXuZCNBBKjNHFtAIH1ObcMDcGo1 ioNw== X-Gm-Message-State: AOJu0YxQhhTR4C559l2zNojDLpZ83rF8TiixV9BskCcWw69sJtz9Q3AJ llI2GYkxZwacTwiD92qEygBQ/3YmYIP2PbU5LQyt687cfy4mry0jT0jlZX1ptg8U+wOO7RuzAyS T0UTLhozMmTdQfOIwwVPLOFEKIO2dkIvyv5fH X-Gm-Gg: Acq92OG8SNNAbuMzKp395gyUkP6F3hQVM9nGf5atJn8A7DMZaWbXMc/05Sdl2iLDMzE kliEZAjE+NpwCR03oTabDwymzGIVGXU1yLH3XbITM9jqf52SflCEIH0YkA2Qvn/0VBiy2FQi2LB shevGHh6REzgrjxZljdijzRBZGk4NyvNwBH4dIoVtVf8/Hhltvdf8nuhkGFp51jwIUyU36c8vD1 KnTOltolmEOi8HZsgvS4hv/wEO9httLiTDyV8K+T+9uizpXYqkrjg8H03CekqML8Sd7++a87izr YfON2UCKMwk4j93X X-Received: by 2002:a05:6214:acc:b0:8ce:eaf7:dbe7 with SMTP id 6a1803df08f44-8ceeaf7de4amr346696466d6.33.1781072367620; Tue, 09 Jun 2026 23:19:27 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 From: Oleg Nauman Date: Wed, 10 Jun 2026 09:19:14 +0300 X-Gm-Features: AVVi8Cfm4uwTGM9jI8pH-0-DNt5L1nyrzPFQSyLGXFgmrTNcw-uy2hKKv0scPX8 Message-ID: Subject: "CAP system call not allowed" for linux apllications To: FreeBSD Current Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-4.79 / 15.00]; ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-0.93)[-0.928]; NEURAL_HAM_SHORT(-0.86)[-0.863]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20251104]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; FREEMAIL_FROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; MISSING_XM_UA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f31:from] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4gZwbp3HqQz3Gw1 I have updated my CURRENT amd64 to c3d8aca1d43e and discovered that linux applications fail to run . It seems the failure reason is capsicum that blocks execution of linux syscalls, for example from ktrace/kdump output: CALL linux_socket(0x1,0x80001,0) CAP system call not allowed: linux_clock_gettime CAP system call not allowed: linux_socket RET linux_socket 8 CALL linux_clock_gettime 0 CALL linux_connect(0x8,0x7fffffffb450,0x14) CALL linux_clock_gettime(CLOCK_MONOTONIC,0x825829310) CAP system call not allowed: linux_connect CAP system call not allowed: linux_clock_gettime NAMI "" RET linux_connect -1 errno -88 Socket operation on non-socket RET linux_clock_gettime 0 CALL close(0x8) CALL linux_poll(0x8280054d0,0x2,0x6221) CAP system call not allowed: linux_poll CAP system call not allowed: close RET close 0 RET linux_poll 1 CALL linux_clock_gettime(CLOCK_MONOTONIC,0x825829300) CAP system call not allowed: linux_clock_gettime CALL linux_write(0x2,0x7fffffff92d0,0x2c) CAP system call not allowed: linux_write RET linux_clock_gettime 0 GIO fd 2 wrote 44 bytes "qt.qpa.xcb: could not connect to display :0 "