Error Codes Wiki

Linux EPERM (errno 1) — Operation Not Permitted (Deep Dive)

Warning, errno

Overview

Deep dive into Linux EPERM error covering capability-based permissions, namespace restrictions, AppArmor/SELinux denials, and advanced troubleshooting beyond simple sudo.

Key Details

  • EPERM (errno 1) means the process lacks the required privilege for the operation
  • Different from EACCES (errno 13): EPERM is about capability/privilege, while EACCES is about file permissions
  • Linux capabilities (CAP_NET_ADMIN, CAP_SYS_ADMIN, etc.) provide fine-grained privilege control
  • SELinux and AppArmor Mandatory Access Control can return EPERM even for root
  • Container namespaces restrict capabilities even when running as UID 0 inside the container

Common Causes

  • Process running without required Linux capability (e.g., CAP_NET_RAW for raw sockets)
  • SELinux denying the operation based on security context
  • AppArmor profile restricting the operation
  • Running inside a container with dropped capabilities
  • Immutable file attribute set (chattr +i) preventing modification even by root

Steps

  1. Check if SELinux is blocking: ausearch -m avc -ts recent or check /var/log/audit/audit.log
  2. Check AppArmor: dmesg | grep apparmor for denial messages
  3. Check immutable attribute: lsattr /path/to/file — 'i' means immutable, remove with chattr -i
  4. Check required capabilities: capsh --print to see current process capabilities
  5. For containers: add needed capability with --cap-add=CAP_NAME in docker run
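
For steps 4 and 5, the following sketch (an added example, not part of the original page) decodes the CapEff mask from /proc/PID/status and reports which capabilities a process lacks, which tells you what to pass to --cap-add. The function names are hypothetical, the capability table is a subset of linux/capability.h, and the sample mask is constructed.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from any tool.
# Bit numbers are a subset of those in <linux/capability.h>.
cap_bit() {
    case "$1" in
        CAP_CHOWN)            echo 0 ;;
        CAP_DAC_OVERRIDE)     echo 1 ;;
        CAP_FOWNER)           echo 3 ;;
        CAP_LINUX_IMMUTABLE)  echo 9 ;;   # needed for chattr +i / -i
        CAP_NET_BIND_SERVICE) echo 10 ;;
        CAP_NET_ADMIN)        echo 12 ;;
        CAP_NET_RAW)          echo 13 ;;  # raw sockets
        CAP_SYS_PTRACE)       echo 19 ;;
        CAP_SYS_ADMIN)        echo 21 ;;
        CAP_SYS_TIME)         echo 25 ;;
        *) return 1 ;;                    # name not in this subset
    esac
}

# has_cap HEXMASK NAME: 0 = bit set, 1 = bit clear, 2 = unknown name
has_cap() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> bit) & 1 )) -eq 1 ]
}

# eff_mask [PID]: effective capability mask of a process (default: self)
eff_mask() {
    awk '/^CapEff:/ { print $2 }' "/proc/${1:-self}/status"
}

# missing_caps HEXMASK NAME...: print the names whose bit is clear
# (names outside the subset above are also reported as missing)
missing_caps() {
    mask=$1; shift; out=""
    for c in "$@"; do
        has_cap "$mask" "$c" && continue
        out="${out:+$out }$c"
    done
    echo "$out"
}

# Constructed sample: CapEff as commonly seen for UID 0 in a container
# started with Docker's default capability set.
SAMPLE_MASK=00000000a80425fb
missing_caps "$SAMPLE_MASK" CAP_NET_RAW CAP_NET_ADMIN CAP_LINUX_IMMUTABLE
```

To check a live process, call missing_caps "$(eff_mask PID)" with the capabilities the failing operation needs; where capsh is installed, capsh --decode=MASK lists every bit that is set.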

Tags

linux, eperm, errno-1, capabilities, selinux

Frequently Asked Questions

SELinux/AppArmor can deny root. Immutable attributes block even root. Container namespaces limit capabilities. These go beyond simple privilege escalation.