Quoting Ryan Lortie from [1]:
I assumed from my reading of the Linux code ("cap_clear()...") that it
was clearing all capabilities of the process when in fact it is only
clearing the "special to root" capabilities.
The FreeBSD version of the code indeed clears _all_ capabilities beyond
ones that the process already has (i.e.: cannot open any new files, create
sockets, etc.)
This has a pretty obvious adverse effect on pulseaudio's ability to do
what it needs to do -- indeed, it bombs out pretty quickly due to an
inability to read its own config file.
[1] https://bugs.freedesktop.org/show_bug.cgi?id=72580#c11
pa_assert_se(cap_clear(caps) == 0);
pa_assert_se(cap_set_proc(caps) == 0);
pa_assert_se(cap_free(caps) == 0);
-#elif defined(__FreeBSD__)
- pa_assert_se (cap_enter () == 0);
#else
#error "Don't know how to do capabilities on your system. Please send a patch."
#endif /* __linux */
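Review bot: with the `#elif defined(__FreeBSD__)` branch removed, any FreeBSD build that still reaches this block falls through to the `#else` and stops at `#error "Don't know how to do capabilities on your system. Please send a patch."`. If the enclosing guard, which is not visible in this hunk, can still be true on FreeBSD, either have the build-time check leave it unset on that platform or keep an explicit empty FreeBSD branch. In either case a short comment here would help: it should say that `cap_enter()` was dropped because Capsicum capability mode prevents the process from opening new files or sockets, and that the daemon therefore runs on FreeBSD without the privilege reduction the Linux path applies through `cap_clear()` and `cap_set_proc()`. That keeps a later reader from re-adding the call or assuming the two platforms are equally restricted.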