On Thu, 13 Oct 2022 06:54:26 +0200
Stefano Brivio <sbrivio(a)redhat.com> wrote:

> Anyway, I drafted it... but this happens. I dropped pasta symlinks for
> simplicity:
>
> --
> # setcap 'cap_net_bind_service=+ep' /home/sbrivio/passt/pasta.avx2
> # getcap /home/sbrivio/passt/pasta.avx2
> /home/sbrivio/passt/pasta.avx2 cap_net_bind_service=ep
> --
> $ strace -ebind,capget,capset,readlink -f ./pasta.avx2 -f -t 81
> 1763943 readlink("/proc/self/exe", "/home/sbrivio/passt/pasta.avx2", 4095) = 30
> capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
> capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
> bind(5, {sa_family=AF_INET, sin_port=htons(81), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EACCES (Permission denied)
> bind(5, {sa_family=AF_INET, sin_port=htons(81), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied)
> bind(5, {sa_family=AF_INET6, sin6_port=htons(81), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
> bind(5, {sa_family=AF_INET6, sin6_port=htons(81), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
> --
>
> no fancy filesystem attributes, just a very unassuming ext4. I must be
> missing something very obvious.

...oops, never mind, it's strace, of course -- that's even mentioned in
man 7 capabilities.

--
Stefano
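
Added example, not part of the message above and not passt code: a small self-check that separates "the file capability was never granted" from "the capability is absent while a tracer is attached", the situation the strace run above ended up in. The names diagnose() and field() and the two sample buffers are constructed for illustration; the check is a heuristic over /proc/self/status, assuming its TracerPid and CapEff fields.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE_BIT 10	/* from <linux/capability.h> */
enum diag { PARSE_ERROR = -1, CAP_PRESENT, CAP_MISSING, CAP_MISSING_TRACED };
/* Constructed samples in /proc/<pid>/status format, not captured output */
const char SAMPLE_TRACED[] = "TracerPid:\t4242\nCapEff:\t0000000000000000\n";
const char SAMPLE_PLAIN[] = "TracerPid:\t0\nCapEff:\t0000000000000400\n";

/* Parse the number after "key" at the start of a line; 0 on success */
static int field(const char *s, const char *key, int base,
		 unsigned long long *out)
{
	size_t n = strlen(key);
	for (const char *p = s; p; p = strchr(p, '\n')) {
		p += (*p == '\n');	/* step past the previous line's end */
		if (!strncmp(p, key, n)) {
			*out = strtoull(p + n, NULL, base);
			return 0;
		}
	}
	return -1;
}

/* Heuristic: capability absent while a tracer is attached points at ptrace */
enum diag diagnose(const char *status)
{
	unsigned long long eff, tracer;
	if (field(status, "CapEff:", 16, &eff) ||
	    field(status, "TracerPid:", 10, &tracer))
		return PARSE_ERROR;
	if (eff & (1ULL << CAP_NET_BIND_SERVICE_BIT))
		return CAP_PRESENT;
	return tracer ? CAP_MISSING_TRACED : CAP_MISSING;
}

int main(void)
{
	static const char *msg[] = { "present", "missing", "missing, traced" };
	char buf[8192] = { 0 };
	FILE *f = fopen("/proc/self/status", "r");
	if (!f || !fread(buf, 1, sizeof(buf) - 1, f))
		return 1;
	fclose(f);
	enum diag d = diagnose(buf);
	printf("CAP_NET_BIND_SERVICE: %s\n", d < 0 ? "parse error" : msg[d]);
	return d == PARSE_ERROR;
}
```

Built and given the same setcap line as in the message, this reports "present" when started directly and "missing, traced" when started under an unprivileged strace.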