capsicum job aborts prior to running main()
mheily opened this issue
After a Capsicum-enabled job is launched, it immediately aborts prior to calling main() with this error message:
ELF interpreter /libexec/ld-elf.so.1 not found, error 94
That file does exist, but perhaps it needs to be opened/accessed prior to calling cap_enter()?
Steps to reproduce
Run this from the top level of your working copy of jobd:
./configure
make
JOBD_DEBUG_NOFORK=yes ./src/jobd/jobd -fv &
cd test/capsicum
make clean all check
After this, you should see a bunch of debugging output as jobd executes the job.
I can verify that it is definitely crashing during/after fexecve(). I was able to set a breakpoint in the debugger and saw this:
Breakpoint 2, 0x00000008013fff70 in fexecve () from /lib/libc.so.7
(gdb) n
Single stepping until exit from function fexecve,
which has no line number information.
ELF interpreter /libexec/ld-elf.so.1 not found, error 94
Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
Capsicum capability mode prevents normal access to the filesystem, which is problematic for fexecve-ing dynamically linked binaries -- the new program needs to get at the filesystem to pull in the runtime linker and all of the referenced libraries.
For FreeBSD, Jon put in the beginnings of a way around this, but I don't think it's complete.
It should be possible to fexecve statically linked binaries though.
I tried using LD_LIBRARY_PATH_FDS as documented, but it didn't work. The error message stayed the same.
I was able to fexecve() a statically compiled executable, however.