Some further info. I'm using Onion's build of OpenWrt 18.06 and now I'm beginning to wonder if this is a SECCOMP related issue. From trawling the net I think capabilities are able to be declared when a jail is used, so I'll try that.
I remain mystified though. I would have thought that procd would have provided all privileges to a non-jailed service. Is anyone able to confirm?
18.06 has been eol for several years and is unsupported now.
since you are not using an official openwrt standard release build, you should ask the maintainer of the version you are using for help with your issue. The community here is unlikely to know the details of somebody else’s customized version.
It appears that a reboot fixed it. There must have been some old state, perhaps within the world of ubus. I had previously tried running within a jail and later discovered that my OS build didn't include procd-jail. Hopefully, this dialogue may help someone in future, even with later versions of the OS.