Comment 10 for bug 1872175

I was tracing caps and syscalls for the security Team.

$ while ! pidof gpsd; do sleep 0.001; done; sudo capable-bpfcc -K -p $(pidof gpsd)
...
Does not report anything.

The same without -p and runnign through gpsd init is better.
CAP_DAC_READ_SEARCH is from some /proc access and the ptrace seems to be related to the same.

I also gathered strace data for a gpsd init.