https://bugs.kde.org/show_bug.cgi?id=521013

            Bug ID: 521013
           Summary: kwin_wayland_wrapper leaks ambient capabilities
                    (CAP_SYS_NICE) to child processes, breaking bwrap
    Classification: Plasma
           Product: kwin
     Version First
       Reported In: 6.6.5
          Platform: Arch Linux
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: wayland-generic
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

DESCRIPTION
When running KWin as a standalone Wayland compositor via kwin_wayland_wrapper,
KWin is leaking its ambient capabilities (specifically CAP_SYS_NICE) down to
the child processes it spawns.

This creates a critical environment breakage for unprivileged sandboxing tools
like Bubblewrap (bwrap), which instantly terminate when they detect unexpected
high-level ambient capabilities.

STEPS TO REPRODUCE

Launch a minimal Wayland session from a TTY using the wrapper:
/usr/bin/kwin_wayland_wrapper --xwayland 'es-de --no-splash'

Attempt to launch any application from within that session that relies on bwrap
(e.g., Proton, umu-launcher, or Steam Linux Runtime).

The child process instantly crashes.

OBSERVED RESULT
Capturing the stderr from the crashed child process reveals:
pressure-vessel-wrap[772]: E: Child process exited with code 1: bwrap:
Unexpected capabilities but not setuid, old file caps config?

EXPECTED RESULT
Child processes spawned by the wrapper should inherit a clean, unprivileged
environment without KWin's elevated ambient capabilities.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 6.6.5
KDE Frameworks Version: 6.26.0
Qt Version: 6.11.1

ADDITIONAL INFORMATION
Workaround Proof:
If I manually strip the ambient capabilities before executing the frontend, the
environment is sanitised and all bwrap containers launch perfectly:
/usr/bin/kwin_wayland_wrapper --xwayland 'setpriv --ambient-caps="-all" es-de
--no-splash'
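
The following is an added example, not code from the bug report or from KWin, that shows the defender-side checks behind this report: how to read a process's ambient capability set from `/proc/<pid>/status` (the `CapAmb:` line), how to recognise `CAP_SYS_NICE` in it (capability bit 23), and how a child can drop every ambient capability itself with `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL)`, which is the system call `setpriv --ambient-caps=-all` uses. It assumes a Linux kernel that exposes `CapAmb:` (4.3 or later); the `/proc` status excerpt embedded below is constructed to mirror a child that inherited `CAP_SYS_NICE`, and the process names and PIDs in it are invented.

```python
"""Inspect and clear Linux ambient capabilities (CAP_SYS_NICE is bit 23)."""
import ctypes
import sys

# Kernel constants from <linux/prctl.h> and <linux/capability.h>.
PR_CAP_AMBIENT = 47
PR_CAP_AMBIENT_CLEAR_ALL = 4
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 7: "CAP_SETUID",
    8: "CAP_SETPCAP", 10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN",
    19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN", 23: "CAP_SYS_NICE",
}

# Constructed excerpt of /proc/<pid>/status for a child that inherited
# CAP_SYS_NICE (bit 23 -> 0x800000) as an ambient capability. Names and
# PID are invented; the field layout is the kernel's.
LEAKY_STATUS = """\
Name:\tes-de
Pid:\t1234
CapInh:\t0000000000800000
CapPrm:\t0000000000800000
CapEff:\t0000000000800000
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000800000
"""


def decode_capmask(hexmask: str) -> set:
    """Turn a CapXxx hex mask from /proc/<pid>/status into capability names.

    Bits without an entry in CAP_NAMES are reported as CAP_<bit>."""
    mask = int(hexmask, 16)
    names = set()
    bit = 0
    while mask:
        if mask & 1:
            names.add(CAP_NAMES.get(bit, f"CAP_{bit}"))
        mask >>= 1
        bit += 1
    return names


def ambient_caps_from_status(status_text: str) -> set:
    """Extract the ambient capability set from the text of a status file."""
    for line in status_text.splitlines():
        if line.startswith("CapAmb:"):
            return decode_capmask(line.split(":", 1)[1].strip())
    raise ValueError("no CapAmb line: not a status file, or kernel < 4.3")


def read_ambient_caps(pid="self") -> set:
    """Read the live ambient set of a process (defaults to this process)."""
    with open(f"/proc/{pid}/status") as f:
        return ambient_caps_from_status(f.read())


def clear_ambient_caps() -> bool:
    """Drop every ambient capability, as `setpriv --ambient-caps=-all` does.

    Clearing the ambient set needs no privilege, so any child that knows it
    may have inherited unwanted capabilities can do this before exec'ing
    tools such as bwrap. Returns True if prctl(2) reported success."""
    if not sys.platform.startswith("linux"):
        return False
    libc = ctypes.CDLL(None, use_errno=True)
    return libc.prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) == 0


if __name__ == "__main__":
    # The constructed child shows exactly the leak described in the report.
    print("constructed child CapAmb:", sorted(ambient_caps_from_status(LEAKY_STATUS)))
    if sys.platform.startswith("linux"):
        print("this process before:", sorted(read_ambient_caps()))
        print("cleared:", clear_ambient_caps())
        print("this process after:", sorted(read_ambient_caps()))
```

Running `read_ambient_caps(<pid>)` against a process launched by the wrapper is a quick way to confirm whether the fix has landed on a given build: a clean child reports an empty set, and the `CapAmb:` line is the one bwrap's "Unexpected capabilities but not setuid" check is effectively complaining about.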

Testing Context:
This was reproduced on a completely re-imaged, fresh, bare-metal installation
to strictly rule out local system state corruption.
