gdb in docker container returns "ptrace: Operation not permitted."

c++ docker centos gdb fedora
Adrian Cornish picture Adrian Cornish · Feb 3, 2017 · Viewed 20.9k times · Source

I've checked /proc/sys/kernel/yama/ptrace_scope in the container and on the host - both report the value as zero but when attached to pid one gdb reports 

Reading symbols from /opt/my-web-proxy/bin/my-web-proxy...done.
Attaching to program: /opt/my-web-proxy/bin/my-web-proxy, process 1
ptrace: Operation not permitted.

I've also tried attached to the container with the privileged flag

docker exec --privileged -it mywebproxy_my-proxy_1 /bin/bash

Host OS is Fedora 25 with docker from their repos and container is a official centos6.8

Answer

Adrian Cornish picture Adrian Cornish · Feb 3, 2017

I discovered the answer - the container needs to be started with strace capabilities

Adding this to my docker-compose.yml file allows GDB to work

cap_add:
    - SYS_PTRACE

Or it can also be passed on the docker command line with --cap-add=SYS_PTRACE

Related questions

Easiest way to convert int to string in C++

What is the easiest way to convert from int to equivalent string in C++. I am aware of two methods. Is there any easier way? (1) int a = 10; char *intStr = itoa(a); string str = string(intStr); (2) int a = 10; stringstream ss; ss &…

Read More
The Definitive C++ Book Guide and List

This question attempts to collect the few pearls among the dozens of bad C++ books that are published every year. Unlike many other programming languages, which are often picked up on the go from tutorials found on the Internet, few …

Read More
How do I iterate over the words of a string?

I'm trying to iterate over the words of a string. The string can be assumed to be composed of words separated by whitespace. Note that I'm not interested in C string functions or that kind of character manipulation/access. Also, …

Read More