+MbfMIAPFGPqIVe/
         oV3w==;
        darn=freebsd.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1781072367; x=1781677167; darn=freebsd.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=XfPOX2OPvGsvBWOZG2qixbUn4V1vMWGF28UngpoV+/Y=;
        b=YTN4aP50R4kKbCTNCV2pIRNmaucovr8XyQsBhOaz3uxjre/9TYjrUDRjI//oQyC9xu
         Wm9119ZoJP1pm2Dnx20JX+ejzqCkmr6q6pnCSuVd52YZmsitCuXV/wfC3Ox61inn5zio
         E1vZsq1j61BRa4zRfcB+Erw/8Qf0WMOfsWvH93D/SYXJHoqWZMyb4yPIh+QVZaOXOvlT
         IwVIbDTV630DQpyfGNjdBrtakHlccdjYEMY7lLoVESsH+z8W8Y6TbsAAReg/Atg9ayRi
         jPEv6vkQUNB9vGk1jx7jMr8GFnZryP2Acq91ujSyX7IP7KXN1Rn/IC3NrcCWRjxqPACB
         3o/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1781072367; x=1781677167;
        h=to:subject:message-id:date:from:mime-version:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=XfPOX2OPvGsvBWOZG2qixbUn4V1vMWGF28UngpoV+/Y=;
        b=OWFqYmHPqr00KOyQPYmAdT64gxmX1Ez5/5SpBlRVp3Dx6cbcuBgVqI0z65KhssTOJr
         mT3j8M3dtlH+dicDWazSQMVhCxK76hmjvjwv7zFLyEQrIx+WOir2lQr9SRkLXv/DL2b4
         690Fqe+M0LuERF8wKmMH8/XZJRuUzRvqGucoKJlOXmGsrXZBiSElNoEyAu0HsqaZQqX2
         Cqh2+2ZTuadXArmNleCwkhTspEKAvUdy8bdwtAvCkKlHvR5TtEFAmZL2ES37gBcaCbW9
         6wcUF7dhS4Tvn2oBj8eRCGvAHe61oHeSCq0IP2xDVFXuZCNBBKjNHFtAIH1ObcMDcGo1
         ioNw==
X-Gm-Message-State: AOJu0YxQhhTR4C559l2zNojDLpZ83rF8TiixV9BskCcWw69sJtz9Q3AJ
	llI2GYkxZwacTwiD92qEygBQ/3YmYIP2PbU5LQyt687cfy4mry0jT0jlZX1ptg8U+wOO7RuzAyS
	T0UTLhozMmTdQfOIwwVPLOFEKIO2dkIvyv5fH
X-Gm-Gg: Acq92OG8SNNAbuMzKp395gyUkP6F3hQVM9nGf5atJn8A7DMZaWbXMc/05Sdl2iLDMzE
	kliEZAjE+NpwCR03oTabDwymzGIVGXU1yLH3XbITM9jqf52SflCEIH0YkA2Qvn/0VBiy2FQi2LB
	shevGHh6REzgrjxZljdijzRBZGk4NyvNwBH4dIoVtVf8/Hhltvdf8nuhkGFp51jwIUyU36c8vD1
	KnTOltolmEOi8HZsgvS4hv/wEO9httLiTDyV8K+T+9uizpXYqkrjg8H03CekqML8Sd7++a87izr
	YfON2UCKMwk4j93X
X-Received: by 2002:a05:6214:acc:b0:8ce:eaf7:dbe7 with SMTP id
 6a1803df08f44-8ceeaf7de4amr346696466d6.33.1781072367620; Tue, 09 Jun 2026
 23:19:27 -0700 (PDT)
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@FreeBSD.org
List-Id: <freebsd-current.FreeBSD.org>
List-Post: <mailto:freebsd-current@FreeBSD.org>
List-Help: <mailto:freebsd-current+help@FreeBSD.org>
List-Subscribe: <mailto:freebsd-current+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
From: Oleg Nauman <oleg.nauman@gmail.com>
Date: Wed, 10 Jun 2026 09:19:14 +0300
X-Gm-Features: AVVi8Cfm4uwTGM9jI8pH-0-DNt5L1nyrzPFQSyLGXFgmrTNcw-uy2hKKv0scPX8
Message-ID: <CAC5YPTuCsHK46PA=Bhzjs=jSNRXe_eKAMy+uuZH0R6Wejzxg7w@mail.gmail.com>
Subject: "CAP system call not allowed" for linux apllications
To: FreeBSD Current <freebsd-current@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Spamd-Result: default: False [-4.79 / 15.00];
	ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-0.93)[-0.928];
	NEURAL_HAM_SHORT(-0.86)[-0.863];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20251104];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56];
	MIME_GOOD(-0.10)[text/plain];
	RCVD_TLS_LAST(0.00)[];
	TO_DN_ALL(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCPT_COUNT_ONE(0.00)[1];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	FREEMAIL_FROM(0.00)[gmail.com];
	TAGGED_FROM(0.00)[];
	MISSING_XM_UA(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	MLMMJ_DEST(0.00)[freebsd-current@freebsd.org];
	RCVD_COUNT_ONE(0.00)[1];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f31:from]
X-Spamd-Bar: ----
X-Rspamd-Queue-Id: 4gZwbp3HqQz3Gw1

 I have updated my CURRENT amd64 to c3d8aca1d43e and discovered that
linux applications fail to run .
It seems the failure reason is capsicum that blocks execution of linux
syscalls, for example from ktrace/kdump output:

 CALL  linux_socket(0x1,0x80001,0)
 CAP   system call not allowed: linux_clock_gettime
 CAP   system call not allowed: linux_socket
 RET   linux_socket 8
 CALL linux_clock_gettime 0
 CALL  linux_connect(0x8,0x7fffffffb450,0x14)
 CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829310)
 CAP   system call not allowed: linux_connect
 CAP   system call not allowed: linux_clock_gettime
 NAMI  ""
 RET   linux_connect -1 errno -88 Socket operation on non-socket
 RET   linux_clock_gettime 0
 CALL  close(0x8)
 CALL  linux_poll(0x8280054d0,0x2,0x6221)
 CAP   system call not allowed: linux_poll
 CAP   system call not allowed: close
 RET   close 0
 RET   linux_poll 1
 CALL  linux_clock_gettime(CLOCK_MONOTONIC,0x825829300)
 CAP   system call not allowed: linux_clock_gettime
 CALL  linux_write(0x2,0x7fffffff92d0,0x2c)
 CAP   system call not allowed: linux_write
 RET   linux_clock_gettime 0
 GIO   fd 2 wrote 44 bytes
       "qt.qpa.xcb: could not connect to display :0
       "