13

Here is the OS I am using:

Linux securecluster 4.9.8-moby #1 SMP Wed Feb 8 09:56:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

When trying to attach gdb to hanging process as root user, I got the following:

Attaching to process 9636
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.

I modified /etc/sysctl.d/10-ptrace.conf ,resulting in:

kernel.yama.ptrace_scope = 0

However, I got the same error. I tried changing /proc/sys/kernel/yama/ptrace_scope :

echo 0 | tee /proc/sys/kernel/yama/ptrace_scope
tee: /proc/sys/kernel/yama/ptrace_scope: Read-only file system

Hint is appreciated.

Improve this question
1
  • In case you are in a docker container, try to re-enter it with docker exec --privileged -ti <container> bash and gdb should just work! See unix.stackexchange.com/a/328861/480898 Commented Aug 21, 2023 at 5:07

3 Answers 3

Reset to default
22

I modified /etc/sysctl.d/10-ptrace.conf

This will only take effect on next reboot.

Until then, just do sudo sysctl -w kernel.yama.ptrace_scope=0

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I tried that command: sysctl -w kernel.yama.ptrace_scope=0 sysctl: setting key "kernel.yama.ptrace_scope": Read-only file system
@Ted did you find a solution to the Read-only file system issue?
15

Are you using a container engine? Try attaching to the process from the outside of the container (on the host); it may have a different PID there.

Alternatively, launch the container with the CAP_SYS_PTRACE capability (using --cap-add=SYS_PTRACE, for example). Of course, if you cannot reproduce the hang, then you cannot use this approach.

Improve this answer

5 Comments

The environment is in docker. I couldn't find the process outside docker.
The process might have a different PID on the outside. Come to think of it, it may also help yo lift the YAMA ptrace restriction on the host (if it is enabled at all).
I use Docker on MacBook. Should the --cap-add flag be added in Dockerfile ?
No, it's an argument to docker run.
It's actually --cap-add=SYS_PTRACE.
0

@Ted @escapecharacter The kernel parameters you are referring to are taken from the host system that is why it is read-only, you cannot edit the actual config file from inside the container. you can override it in the container, just drop the -w flag to #sudo sysctl kernel.yama.ptrace_scope=0 . A permanent solution is to do this on the host node and all containers would inherit this by default.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.