How to solve “ptrace operation not permitted” when trying to attach GDB to a process?

Question

I'm trying to attach a program with gdb but it returns:

Attaching to process 29139
Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.

gdb-debugger returns "Failed to attach to process, please check privileges and try again."

strace returns "attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted"

I changed "kernel.yama.ptrace_scope" 1 to 0 and /proc/sys/kernel/yama/ptrace_scope 1 to 0 and tried set environment LD_PRELOAD=./ptrace.so with this:

#include <stdio.h>
int ptrace(int i, int j, int k, int l) {
    printf(" ptrace(%i, %i, %i, %i), returning -1\n", i, j, k, l);
    return 0;
}

But it still returns the same error. How can I attach it to debuggers?

Answer 1

If you are using Docker, you will probably need these options:

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

Answer 2

This is due to kernel hardening in Linux; you can disable this behavior by echo 0 > /proc/sys/kernel/yama/ptrace_scope or by modifying it in /etc/sysctl.d/10-ptrace.conf

See also this article about it in Fedora 22 (with links to the documentation) and this comment thread about Ubuntu and .

Answer 3

I would like to add that I needed --security-opt apparmor=unconfined along with the options that @wisbucky mentioned. This was on Ubuntu 18.04 (both Docker client and host). Therefore, the full invocation for enabling gdb debugging within a container is:

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined

Answer 4

Not really addressing the above use-case but I had this problem:

Problem: It happened that I started my program with sudo, so when launching gdb it was giving me ptrace: Operation not permitted.

Solution: sudo gdb ...

Answer 5

Maybe someone has attached this process with gdb.

• ps -ef | grep gdb

can't gdb attach the same process twice.

Answer 6

Jesup's answer is correct; it is due to Linux kernel hardening. In my case, I am using Docker Community for Mac, and in order to do change the flag I must enter the LinuxKit shell using justin cormack's nsenter (ref: https://www.bretfisher.com/docker-for-mac-commands-for-getting-into-local-docker-vm/ ).

docker run -it --rm --privileged --pid=host justincormack/nsenter1

/ # cat /etc/issue

Welcome to LinuxKit

                    ##         .
              ## ## ##        ==
           ## ## ## ## ##    ===
       /"""""""""""""""""\___/ ===
      {                       /  ===-
       \______ O           __/
         \    \         __/
          \____\_______/

/ # cat /proc/sys/kernel/yama/ptrace_scope

1

/ # echo 0 > /proc/sys/kernel/yama/ptrace_scope

/ # exit

Answer 7

I don't know what you are doing with LD_PRELOAD or your ptrace function.

Why don't you try attaching gdb to a very simple program? Make a program that simply repeatedly prints Hello or something and use gdb --pid [hello program PID] to attach to it.

If that does not work then you really do have a problem.

Another issue is the user ID. Is the program that you are tracing setting itself to another UID? If it is then you cannot ptrace it unless you are using the same user ID or are root.

Answer 8

I have faced the same problem and try a lot of solution but finally, I have found the solution, but really I don't know what the problem was. First I modified the ptrace_conf value and login into Ubuntu as a root but the problem still appears. But the most strange thing that happened is the gdb showed me a message that says:

Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user.
For more details, see /etc/sysctl.d/10-ptrace.conf warning: process 3767 is already traced by process 3755 ptrace: Operation not permitted.

With ps command terminal, the process 3755 was not listed.

I found the process 3755 in /proc/$pid but I don't understand what was it!!

Finally, I deleted the target file (foo.c) that I try to attach it vid gdb and tracer c program using PTRACE_ATTACH syscall, and in the other folder, I created another c program and compiled it.

the problem is solved and I was enabled to attach to another process either by gdb or ptrace_attach syscall.

(gdb) attach 4416

Attaching to process 4416

and I send a lot of signals to process 4416. I tested it with both gdb and ptrace, both of them run correctly.

really I don't know the problem what was, but I think it is not a bug in Ubuntu as a lot of sites have referred to it, such https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root