I was tracing caps and syscalls for the security Team.
$ while ! pidof gpsd; do sleep 0.001; done; sudo capable-bpfcc -K -p $(pidof gpsd)
...
Does not report anything.
The same without -p and runnign through gpsd init is better.
CAP_DAC_READ_SEARCH is from some /proc access and the ptrace seems to be related to the same.
I was tracing caps and syscalls for the security Team.
$ while ! pidof gpsd; do sleep 0.001; done; sudo capable-bpfcc -K -p $(pidof gpsd)
...
Does not report anything.
The same without -p and runnign through gpsd init is better.
CAP_DAC_READ_SEARCH is from some /proc access and the ptrace seems to be related to the same.
I also gathered strace data for a gpsd init.