Operation not permitted <= New Beat

The simplest solution IMO would be to disable the seccomp protections provided by libbeat that prohibit the beat from executing anything. You can add

seccomp.enabled: false

to your config file or add

-E seccomp.enabled=false

to your CLI args.

You can read more about the seccomp feature in any one of the Beats' documentation: https://www.elastic.co/guide/en/beats/metricbeat/6.4/linux-seccomp.html

And there is more developer-level info in the README at https://github.com/elastic/beats/tree/master/libbeat/common/seccomp.
