506052 2025-06-23 14:44:15 +0000 powerdevil cannot start because of CAP_WAKE_ALARM for users with UIDs below 500 or above 1000 2025-07-03 12:01:39 +0000 1 1 4 Plasma plasmashell Power management & brightness 6.4.0 Arch Linux Linux RESOLVED FIXED regression HI normal 1.0 1 yamagi plasma-bugs-null antoine.gatineau bshah chaitanya.chalasani jankmann joe john jonathan.lieb kdedev nate theo walmartshopper https://invent.kde.org/plasma/powerdevil/-/commit/6b9fc3d4688219029b94739d348491d433445dd3 6.4.2 0 oldest_to_newest 2435410 0 yamagi 2025-06-23 14:44:15 +0000 Since Plasma 6.4.0 the powerdevil systemd unit sets 'AmbientCapabilities=CAP_WAKE_ALARM'. powerdevil is spawned as a user service and can only gain capabilities which the 'systemd --user' service for the session has: % ps auxww | grep "systemd --user" yamagi 1180 0.0 0.0 21804 11744 ? Ss 07:26 0:01 /usr/lib/systemd/systemd --user % cat /proc/1180/status | grep CapAmb CapAmb: 0000000000000000 -> The 'systemd --user' has no ambient capabilities, therefor it cannot set 'CAP_WAKE_ALARM' and starting powerdevil fails: % journalctl --user -xu plasma-powerdevil.service Jun 23 08:52:04 blubb (werdevil)[17116]: plasma-powerdevil.service: Failed to apply ambient capabilities (before UID change): Operation not permitted Jun 23 08:52:04 blubb (werdevil)[17116]: plasma-powerdevil.service: Failed at step CAPABILITIES spawning /usr/lib/org_kde_powerdevil: Operation not permitted This can be worked around by commenting the 'AmbientCapabilities=CAP_WAKE_ALARM'. Functionality requiring the CAP_WAKE_ALARM won't work, though. Linux/KDE Plasma: Arch Linux as of 23.06.2025 ca. 05:00 UTC with Linux 6.15.3-arch1-1 and systemd 257.6-1 KDE Plasma Version: 6.4.0 KDE Frameworks Version: 6.15.0 Qt Version: 6.9.1 2435519 1 arojas 2025-06-23 18:56:49 +0000 *** Bug 506062 has been marked as a duplicate of this bug. *** 2435649 2 john 2025-06-24 06:52:53 +0000 For what it's worth, I can't reproduce this issue on my Fedora KDE 42 device with Plasma built from git master, so it does include that AmbientCapabilities line, and systemd 257.6. For others' reference, the relevant code change was made here: https://invent.kde.org/plasma/powerdevil/-/merge_requests/537 2435927 3 nate 2025-06-24 19:11:04 +0000 I also can't reproduce it, either with Fedora packages, or built-from-source powerdevil. 2436084 4 bshah 2025-06-25 04:36:02 +0000 I can't really reproduce this in Arch Linux setup with same version of systemd and plasma. Are you using by chance systemd-homed or anything special in your setup wrt PAM or systemd? 2436086 5 bshah 2025-06-25 04:38:26 +0000 For reference CapAmb is wrong for some reason but this is correctly shown, ➜ pscap -p 1739 ppid pid uid command capabilities 1315 1739 bshah org_kde_powerde wake_alarm @ + ~ … ➜ pscap -p 1315 ppid pid uid command capabilities 1 1315 bshah systemd wake_alarm + 2436115 6 yamagi 2025-06-25 07:01:12 +0000 Bhushans hints helped a lot. I figured it out. As already suspected this isn't a KDE problem but a configuration problem at my side: Since version 254 systemd adds CAP_WAKE_ALARM via pam_systemd to the user session - https://github.com/systemd/systemd/blob/0e2f18eedd6b9be32b1c1122dcd2c30319074c7f/NEWS#L703 when compiled with defaults systemd treats UIDs >= 1000 as user accounts and UIDs >= 500 && < 1000 as system accounts. This cannot be overridden in /etc/login.defs unless systemd is compiled with -Dcompat-mutable-uid-boundaries=true which Arch doesn't set. Sometimes I'm forced to work on AFS filesystems (yes, these things still exists) and out of convenience I set my local UID to my AFS UID 691. Since UID 691 is treated as a system user systemd doesn't set CAP_WAKE_ALARM on the session and powerdevil cannot start. Changing the UID to 1001 helps. With this the problem is solved for me. I'm not closing here because there were other reports marked as duplicate of this bug, they might be caused by different configuration errors or something else. Nevertheless sorry for the noise. :/ 2436265 7 walmartshopper 2025-06-25 16:55:48 +0000 Changing my uid from 501 to 1000 solved this issue for me. It also fixed kcm_users not working correctly. 2436282 8 john 2025-06-25 17:24:43 +0000 Hi - Bhushan's already checked in with the original reporter for that issue that was merged in with this one, so I think it's safe to mark this one resolved (and then reopen the other one if needed). Thanks! 2436403 9 theo 2025-06-25 22:40:16 +0000 I ran into this bug as well, but on the other side of UID range. This is not a Plasma bug per se, but it may be practically necessary to handle these situations better than by failing to start powerdevil. My environment is all Red Hat IdM joined and the UID base is 82800000. FreeIPA, AD joined sssd, and other AD auth tools will also result in high UID numbers that pam_systemd will consider to be of "container" disposition, and thus will not have any ambient capabilities. So, this is an issue that is likely to affect many larger environments with centralized user management. 2436417 10 joe 2025-06-25 23:37:18 +0000 I am also using FreeIPA with SSSD (uid=1000003) and I am running into the same issue. 2436555 11 chaitanya.chalasani 2025-06-26 11:57:33 +0000 I have sssd uid 694702680 and powerdevil fails 2437237 12 antoine.gatineau 2025-06-29 07:54:55 +0000 hello, same issue with freeipa account (uid=1678900673). 2437393 13 bug-janitor 2025-06-30 07:14:58 +0000 A possibly relevant merge request was started @ https://invent.kde.org/plasma/powerdevil/-/merge_requests/568 2437498 14 jankmann 2025-06-30 16:23:49 +0000 FYI: The workaround posted here https://bugzilla.opensuse.org/show_bug.cgi?id=1245256 is working for me with FreeIPA. Adding a file in "/etc/userdb" that changes the disposition back(?) to regular allowed powerdevil to start again. 2438186 15 nate 2025-07-03 12:01:39 +0000 Fixed by Bhushan Shah with https://invent.kde.org/plasma/powerdevil/-/commit/6b9fc3d4688219029b94739d348491d433445dd3 for Plasma 6.4.2!