~/home:michals/python-python-prctl> rm ping ~/home:michals/python-python-prctl> cat /usr/bin/ping > ping ./ping -c1 localhost bash: ./ping: Permission denied So cp copies the capability settings but cat creates a new file which does not have any capability settings and that does not work anymore. -> looks like PR_SET_NO_NEW_PRIVS is broken on Tumbleweed kernel