如何解决“不允许执行 ptrace 操作"?尝试将 GDB 附加到进程时? [英] How to solve "ptrace operation not permitted" when trying to attach GDB to a process?

问题描述

我正在尝试使用 gdb 附加一个程序，但它返回:

I'm trying to attach a program with gdb but it returns:

附加到进程 29139
无法附加到进程.如果您的 uid 与目标的 uid 匹配进程，检查/proc/sys/kernel/yama/ptrace_scope 的设置，或尝试再次以root用户身份.有关详细信息，请参阅/etc/sysctl.d/10-ptrace.conf
ptrace: 不允许操作.

Attaching to process 29139
Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.

gdb-debugger 返回无法附加到进程，请检查权限并重试."

gdb-debugger returns "Failed to attach to process, please check privileges and try again."

strace 返回attach: ptrace(PTRACE_ATTACH, ...): Operation not allowed"

strace returns "attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted"

我将 "kernel.yama.ptrace_scope" 1 更改为 0 并将 /proc/sys/kernel/yama/ptrace_scope 1 更改为 0 并尝试 set environment LD_PRELOAD=./ptrace.so 用这个:

I changed "kernel.yama.ptrace_scope" 1 to 0 and /proc/sys/kernel/yama/ptrace_scope 1 to 0 and tried set environment LD_PRELOAD=./ptrace.so with this:

#include <stdio.h>
int ptrace(int i, int j, int k, int l) {
    printf(" ptrace(%i, %i, %i, %i), returning -1
", i, j, k, l);
    return 0;
}

但它仍然返回相同的错误.如何将它附加到调试器?

But it still returns the same error. How can I attach it to debuggers?

推荐答案

如果你使用 Docker，你可能需要这些选项:

If you are using Docker, you will probably need these options:

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

如果您使用的是 Podman，您可能还需要它的 --cap-add 选项:

If you are using Podman, you will probably need its --cap-add option too:

podman run --cap-add=SYS_PTRACE

这篇关于如何解决“不允许执行 ptrace 操作"?尝试将 GDB 附加到进程时?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！