gdb cannot attach to process

Question

Here is the OS I am using:

Linux securecluster 4.9.8-moby #1 SMP Wed Feb 8 09:56:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

When trying to attach gdb to hanging process as root user, I got the following:

Attaching to process 9636
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.

I modified /etc/sysctl.d/10-ptrace.conf ,resulting in:

kernel.yama.ptrace_scope = 0

However, I got the same error. I tried changing /proc/sys/kernel/yama/ptrace_scope :

echo 0 | tee /proc/sys/kernel/yama/ptrace_scope
tee: /proc/sys/kernel/yama/ptrace_scope: Read-only file system

Hint is appreciated.

In case you are in a docker container, try to re-enter it with `docker exec --privileged -ti bash` and gdb should just work! See https://unix.stackexchange.com/a/328861/480898 — it-alien, Aug 21 '23 at 05:07

score 17 · Answer 1 · answered Jul 18 '17 at 15:49

17

I modified /etc/sysctl.d/10-ptrace.conf

This will only take effect on next reboot.

Until then, just do sudo sysctl -w kernel.yama.ptrace_scope=0

answered Jul 18 '17 at 15:49

Employed Russian

199,314
34
295
362

4

I tried that command: sysctl -w kernel.yama.ptrace_scope=0 sysctl: setting key "kernel.yama.ptrace_scope": Read-only file system – Ted Jul 18 '17 at 15:58
2

@Ted did you find a solution to the Read-only file system issue? – escapecharacter Oct 04 '18 at 23:07

Florian Weimer · Accepted Answer · 2021-12-17T09:51:22.783

11

Are you using a container engine? Try attaching to the process from the outside of the container (on the host); it may have a different PID there.

Alternatively, launch the container with the CAP_SYS_PTRACE capability (using --cap-add=SYS_PTRACE, for example). Of course, if you cannot reproduce the hang, then you cannot use this approach.

edited Dec 17 '21 at 09:51

answered Jul 18 '17 at 15:51

Florian Weimer

32,022
3
48
92

The environment is in docker. I couldn't find the process outside docker. – Ted Jul 18 '17 at 15:57
The process might have a different PID on the outside. Come to think of it, it may also help yo lift the YAMA ptrace restriction on the host (if it is enabled at all). – Florian Weimer Jul 18 '17 at 16:03
I use Docker on MacBook. Should the --cap-add flag be added in Dockerfile ? – Ted Jul 18 '17 at 16:12
No, it's an argument to `docker run`. – Florian Weimer Jul 18 '17 at 16:18
It's actually `--cap-add=SYS_PTRACE`. – yyFred Dec 16 '21 at 22:47

score 0 · Answer 3 · answered Jun 09 '21 at 08:09

@Ted @escapecharacter The kernel parameters you are referring to are taken from the host system that is why it is read-only, you cannot edit the actual config file from inside the container. you can override it in the container, just drop the -w flag to #sudo sysctl kernel.yama.ptrace_scope=0 . A permanent solution is to do this on the host node and all containers would inherit this by default.

gdb cannot attach to process

3 Answers3