堆栈内存溢出
  简体   繁体   English

gdbserver 不会附加到 docker 容器中正在运行的进程

[英]gdbserver does not attach to a running process in a docker container

 原文  2020-11-09 12:14:46       docker/ gdbserver

问题描述

In my docker container (based on SUSE distribution SLES 15) both the C++ executable (with debug enhanced code) and the gdbserver executable are installed.在我的 docker 容器(基于 SUSE 发行版 SLES 15)中,安装了 C++ 可执行文件(带有调试增强代码)和 gdbserver 可执行文件。
Before doing anything productive the C++ executable sleeps for 5 seconds, then initializes and processes data from a database.在执行任何有效操作之前,C++ 可执行文件会休眠 5 秒,然后初始化并处理来自数据库的数据。 The processing time is long enough to attach it to gdbserver.处理时间足以将其附加到 gdbserver。
The C++ executable is started in the background and its process id is returned to the console. C++ 可执行文件在后台启动,其进程 ID 返回到控制台。
Immediately afterwards the gdbserver is started and attaches to the same process id.紧接着 gdbserver 启动并附加到相同的进程 ID。

Problem: The gdbserver complains not being able to connect to the process:问题:gdbserver 抱怨无法连接到进程:

Cannot attach to lwp 59: No such file or directory (2)无法附加到 lwp 59:没有这样的文件或目录 (2)
Exiting退出

In another attempt, I have copied the same gdbserver executable to /tmp in the docker container.在另一次尝试中,我已将相同的 gdbserver 可执行文件复制到 docker 容器中的 /tmp。
Starting this gdbserver gave a different error response:启动这个 gdbserver 给出了不同的错误响应:

Cannot attach to process 220: Operation not permitted (1)无法附加到进程 220:不允许操作 (1)
Exiting退出

It has been verified, that in both cases the process is still running.经验证,在这两种情况下,进程仍在运行。 'ps -e' clearly shows the process id and the process name. 'ps -e' 清楚地显示了进程 id 和进程名称。
If the process is already finished, a different error message is thrown;如果进程已经完成,则抛出不同的错误信息; this is clear and needs not be explained:这很清楚,无需解释:

gdbserver: unable to open /proc file '/proc/79/status' gdbserver: 无法打开 /proc 文件“/proc/79/status”

The gdbserver was started once from outside of the container and once from inside. gdbserver 从容器外部启动一次,从内部启动一次。
In both scenarios the gdbserver refused to attach the running process:在这两种情况下,gdbserver 都拒绝附加正在运行的进程:

  1. $ kubectl exec -it POD_NAME --container debugger -- gdbserver --attach :44444 59 $ kubectl exec -it POD_NAME --container debugger -- gdbserver --attach :44444 59
    Cannot attach to lwp 59: No such file or directory (2)无法附加到 lwp 59:没有这样的文件或目录 (2)
    Exiting退出
  2. $ kubectl exec -it POD_NAME -- /bin/bash $ kubectl exec -it POD_NAME -- /bin/bash
    bash-4.4$ cd /tmp bash-4.4$ cd /tmp
    bash-4.4$ ./gdbserver 10.0.2.15:44444 --attach 220 bash-4.4$ ./gdbserver 10.0.2.15:44444 --attach 220
    Cannot attach to process 220: Operation not permitted (1)无法附加到进程 220:不允许操作 (1)
    Exiting退出

Can someone explain what causes gdbserver refusing to attach to the specified process and give advice how to overcome the mismatch, ie where/what do I need to examine for to prepare the right handshake between the C++ executable and the gdbserver?有人可以解释是什么导致 gdbserver 拒绝附加到指定的进程并给出如何克服不匹配的建议,即我需要检查哪里/什么来准备 C++ 可执行文件和 gdbserver 之间的正确握手?

1 个解决方案

解决方案1
 0 已采纳  2020-11-12 13:07:15

The basic reason why gdbserver could not attach to the running C++ process is due to a security enhancement in Ubuntu (versions >= 10.10): gdbserver 无法附加到正在运行的 C++ 进程的基本原因是由于 Ubuntu(版本 >= 10.10)中的安全增强:
By default, process A cannot trace a running process B unless B is a direct child of A (or A runs as root).默认情况下,进程 A 无法跟踪正在运行的进程 B,除非 B 是 A 的直接子进程(或 A 以 root 身份运行)。
Direct debugging is still always allowed, eg gdb EXE and strace EXE .始终允许直接调试,例如gdb EXEstrace EXE

The restriction can be loosen by changing the value of /proc/sys/kernel/yama/ptrace_scope from 1 (=default) to 0 (=tracing allowed for all processes).可以通过将/proc/sys/kernel/yama/ptrace_scope从 1(=默认)更改为 0(=允许所有进程进行跟踪)来放松限制。 The security setting can be changed with:可以通过以下方式更改安全设置:
echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

All credits for the description of ptrace scope belong to the following post, see 2nd answer by Eliah Kagan - thank you for the thorough explanation! ptrace 范围描述的所有学分都属于以下帖子,请参阅 Eliah Kagan 的第二个答案 - 感谢您的详尽解释! - here: - 这里:
https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我如何gdb附加到在docker容器中运行的进程? - How can I gdb attach to a process running in a docker container? 以编程方式将调试器附加到在 Docker 容器内运行的进程 - Programmatically attach a debugger to a process running inside a Docker Container 指定要附加的 docker 进程的容器 ID - Specify Container ID of docker process to attach 如何将 WinDbg 附加到在 Windows Docker 容器内运行的进程? - How can you attach WinDbg to a process running inside a Windows Docker Container? 如何将 VisualVM 附加到在 Docker 容器中运行的简单 Java 进程 - How do I attach VisualVM to a simple Java process running in a Docker container 如何将 VS Code 调试器附加到在 docker 容器中运行的 .NET Core 监视进程 - How do I attach VS Code debugger to a .NET Core watch process running in docker container 无法将终端连接到docker中正在运行的容器 - Can't attach terminal to a running container in docker 如何将VS代码附加到在docker容器中运行的节点进程 - How can I attach VS Code to a node process running in a docker container 无法附加到运行Docker容器的bash - Can't attach to bash running the Docker container 是否可以附加到正在运行 flask 的 docker 容器? - Is it possible to attach to a docker container that is actively running flask?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM