strace -f strace /bin/ls failed with PTRACE_TRACEME EPERM (Operation not permitted)

Question

When I run

strace -f strace /bin/ls 

to know how strace work it failed with

ptrace(PTRACE_TRACEME, 0, 0, 0) = -1 EPERM (Operation not permitted) 

even with root account.

It there any solution for this?

Answer 1

Docker

When running strace within Docker container, to enable ptrace, run with SYS_PTRACE param:

docker run -it --cap-add SYS_PTRACE ubuntu

See: Running Strace in Docker.

Answer 2

I mention this and more helpful tips in a recent blog post about strace.

You need to enable support for gdb, strace, and similar tools to attach to processes on the system.

You can do this temporarily by running command to set a setting proc:

sudo bash -c 'echo 0 > /proc/sys/kernel/yama/ptrace_scope'

You can persist that setting between system reboots by modifying /etc/sysctl.d/10-ptrace.conf and setting kernel.yama.ptrace_scope = 0.

If your system does not have /etc/sysctl.d/10-ptrace.conf, you can modify /etc/sysctl.conf and set kernel.yama.ptrace_scope = 0.