[This bug was reported via email by Marcus Gelderie.] The "==" argument is supposed to re-exec capsh with the remaining command line arguments. It only works reliably if you explicitly specify the full pathname of the capsh file. For example: $ /sbin/capsh == --print Current: = [...] However, if you rely on the PATH to find capsh it fails with a misleading error: $ PATH=/sbin capsh == --print execve /bin/bash failed! There are two issues here: 1. The "==" attempt fails in this latter case 2. The error is displaying the shell path and not the failed capsh binary path. This fails at HEAD. There is a subtlety at work here related to --chroot. There may not be a capsh present at the same location in the PATH after the chroot. We'll resolve this bug when 1 and 2 are no longer true and we've documented how things work in the case of chroot use.
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=68240b124cc62744a7a412a7afc85b5c56a48e14
Bug fix still needed.
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=9d8eaab7f74cf1d925910901e5181173ab11d14d