As far as I know, the ptrace system call is disabled by default in Docker containers, and strace uses ptrace.

Example:

docker run -it ubuntu:latest bash
root@f592f4019a65:/# strace sleep
execve("/usr/bin/sleep", ["sleep"], 0x7ffc66c181f0 /* 8 vars */) = 0
brk(NULL)                               = 0x55e44c6f3000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffc81c678d0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=7218, ...}) = 0
mmap(NULL, 7218, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f95bf446000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0cBR\340\305\370\2609W\242\345)q\235A\1"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2029224, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95bf444000
...

So, as seen, strace managed to trace system calls. But why is ptrace permitted in this case?

Farseer

1 Answer

Found out why. Here is the merge request that allows ptrace in the default Docker configuration for kernel versions 4.8+.

Farseer
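The kernel-version condition the answer describes can be checked against a seccomp profile before relying on it. The following is an added example, not part of the original answer or Docker's own code: it evaluates a constructed fragment in Docker's seccomp profile JSON format, and the function names are hypothetical. It handles only the `minKernel` and `caps` conditions and assumes the first applicable rule decides.

```python
import json
import re

# Constructed fragment in Docker's seccomp profile JSON format (not the full
# default profile): ptrace is allowed on kernels >= 4.8 or with CAP_SYS_PTRACE.
PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "execve"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["ptrace"], "action": "SCMP_ACT_ALLOW",
     "includes": {"minKernel": "4.8"}},
    {"names": ["kcmp", "process_vm_readv", "process_vm_writev", "ptrace"],
     "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_PTRACE"]}}
  ]
}
""")

def kernel_tuple(release):
    """'5.4.0-42-generic' -> (5, 4); only major.minor are compared."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return int(m.group(1)), int(m.group(2))

def rule_applies(rule, kernel, caps):
    """A rule is active only if its kernel and capability conditions hold."""
    inc = rule.get("includes", {})
    exc = rule.get("excludes", {})
    if "minKernel" in inc and kernel_tuple(kernel) < kernel_tuple(inc["minKernel"]):
        return False
    if any(c not in caps for c in inc.get("caps", [])):
        return False
    if any(c in caps for c in exc.get("caps", [])):
        return False
    return True

def action_for(profile, syscall, kernel, caps=frozenset()):
    """Return the seccomp action for a syscall (assumption: first active rule wins)."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"] and rule_applies(rule, kernel, caps):
            return rule["action"]
    return profile["defaultAction"]

if __name__ == "__main__":
    for release in ("4.4.0-210-generic", "5.4.0-42-generic"):
        print(release, action_for(PROFILE, "ptrace", release))
```

Inside a running container, the `Seccomp:` field in `/proc/self/status` shows whether a filter is active (2 means filter mode), and `uname -r` gives the kernel release to pass to `action_for`.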