[英]gdbserver does not attach to a running process in a docker container
In my docker container (based on SUSE distribution SLES 15) both the C++ executable (with debug enhanced code) and the gdbserver executable are installed.在我的 docker 容器(基于 SUSE 发行版 SLES 15)中,安装了 C++ 可执行文件(带有调试增强代码)和 gdbserver 可执行文件。
Before doing anything productive the C++ executable sleeps for 5 seconds, then initializes and processes data from a database.在执行任何有效操作之前,C++ 可执行文件会休眠 5 秒,然后初始化并处理来自数据库的数据。 The processing time is long enough to attach it to gdbserver.
处理时间足以将其附加到 gdbserver。
The C++ executable is started in the background and its process id is returned to the console. C++ 可执行文件在后台启动,其进程 ID 返回到控制台。
Immediately afterwards the gdbserver is started and attaches to the same process id.紧接着 gdbserver 启动并附加到相同的进程 ID。
Problem: The gdbserver complains not being able to connect to the process:问题:gdbserver 抱怨无法连接到进程:
Cannot attach to lwp 59: No such file or directory (2)
无法附加到 lwp 59:没有这样的文件或目录 (2)
Exiting退出
In another attempt, I have copied the same gdbserver executable to /tmp in the docker container.在另一次尝试中,我已将相同的 gdbserver 可执行文件复制到 docker 容器中的 /tmp。
Starting this gdbserver gave a different error response:启动这个 gdbserver 给出了不同的错误响应:
Cannot attach to process 220: Operation not permitted (1)
无法附加到进程 220:不允许操作 (1)
Exiting退出
It has been verified, that in both cases the process is still running.经验证,在这两种情况下,进程仍在运行。 'ps -e' clearly shows the process id and the process name.
'ps -e' 清楚地显示了进程 id 和进程名称。
If the process is already finished, a different error message is thrown;如果进程已经完成,则抛出不同的错误信息; this is clear and needs not be explained:
这很清楚,无需解释:
gdbserver: unable to open /proc file '/proc/79/status'
gdbserver: 无法打开 /proc 文件“/proc/79/status”
The gdbserver was started once from outside of the container and once from inside. gdbserver 从容器外部启动一次,从内部启动一次。
In both scenarios the gdbserver refused to attach the running process:在这两种情况下,gdbserver 都拒绝附加正在运行的进程:
Can someone explain what causes gdbserver refusing to attach to the specified process and give advice how to overcome the mismatch, ie where/what do I need to examine for to prepare the right handshake between the C++ executable and the gdbserver?有人可以解释是什么导致 gdbserver 拒绝附加到指定的进程并给出如何克服不匹配的建议,即我需要检查哪里/什么来准备 C++ 可执行文件和 gdbserver 之间的正确握手?
The basic reason why gdbserver could not attach to the running C++ process is due to a security enhancement in Ubuntu (versions >= 10.10): gdbserver 无法附加到正在运行的 C++ 进程的基本原因是由于 Ubuntu(版本 >= 10.10)中的安全增强:
By default, process A cannot trace a running process B unless B is a direct child of A (or A runs as root).默认情况下,进程 A 无法跟踪正在运行的进程 B,除非 B 是 A 的直接子进程(或 A 以 root 身份运行)。
Direct debugging is still always allowed, eg gdb EXE
and strace EXE
.始终允许直接调试,例如
gdb EXE
和strace EXE
。
The restriction can be loosen by changing the value of /proc/sys/kernel/yama/ptrace_scope
from 1 (=default) to 0 (=tracing allowed for all processes).可以通过将
/proc/sys/kernel/yama/ptrace_scope
从 1(=默认)更改为 0(=允许所有进程进行跟踪)来放松限制。 The security setting can be changed with:可以通过以下方式更改安全设置:
echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
All credits for the description of ptrace scope belong to the following post, see 2nd answer by Eliah Kagan - thank you for the thorough explanation! ptrace 范围描述的所有学分都属于以下帖子,请参阅 Eliah Kagan 的第二个答案 - 感谢您的详尽解释! - here:
- 这里:
https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.