kubectl-debug icon indicating copy to clipboard operation
kubectl-debug copied to clipboard
verified publisher icon aylei

some question about use strace inside container

Open 3JIou opened this issue 6 years ago • 6 comments

i need to use strace for debug and i have ask how to set SYS_PTRACE for debug container? like that: securityContext: capabilities: add: - SYS_PTRACE # <-- the privilege thx

3JIou avatar Sep 24 '19 03:09 3JIou

https://github.com/aylei/kubectl-debug/blob/8fbb788cce08988bf14112e54f578b3017a25e27/pkg/agent/runtime.go#L166 The debug container has SYS_PTRACE capability added already, did you hit a problem about this?

aylei avatar Sep 24 '19 04:09 aylei

yes bash-5.0# ps aux PID USER TIME COMMAND 1 nobody 1d12 /usr/local/bin/binary -c=/config/phpr.toml 31 root 0:00 bash 37 root 0:00 ps aux

bash-5.0# strace -p 1 strace: test_ptrace_get_syscall_info: PTRACE_TRACEME: Operation not permitted strace: attach: ptrace(PTRACE_ATTACH, 1): Operation not permitted

3JIou avatar Sep 25 '19 10:09 3JIou

what's the output of kubectl debug --version?

aylei avatar Sep 26 '19 02:09 aylei

~/kuber-fdb » kubectl-debug --version
debug version v0.0.0-master+$Format:%h$

3JIou avatar Sep 26 '19 02:09 3JIou

@3JIou I see, let me try to reproduce

aylei avatar Sep 26 '19 16:09 aylei

@3JIou Could you try out v0.2.0-rc?

aylei avatar Apr 28 '20 13:04 aylei