[cf-dev] How to run strace within cf droplet

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] How to run strace within cf droplet

gschoep

So, I have a strange problem going on in my CF container. I can "cf ssh appname" into it and reproduce it with command line. I was hoping to run strace on it, but when I run it I get

"PTRACE_TRACEME doesn't work: Operation not permitted"

This is a dev instance, I don't mind if I break things. Is there a way to enable PTRACE_TRACEME so I can run strace?


My setup...

(sorry I don't know what version of CF our servers are running)

buildpack: https://github.com/cloudfoundry/ruby-buildpack#v1.7.23

_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8590) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] How to run strace within cf droplet

Giuseppe Capizzi
Hi!

> So, I have a strange problem going on in my CF container. I can "cf ssh appname" into it and reproduce it with command line. I was hoping to run strace on it, but when I run it I get
>
> "PTRACE_TRACEME doesn't work: Operation not permitted"

This is expected, as we drop the `CAP_SYS_PTRACE` capability for our
unprivileged containers, and every container created through `cf push`
is unprivileged by default.

> This is a dev instance, I don't mind if I break things. Is there a way to enable PTRACE_TRACEME so I can run strace?

You *could* enable privileged containers, see the dedicated
cf-deployment opsfile [1] for details.

[1] https://github.com/cloudfoundry/cf-deployment/blob/master/operations/enable-privileged-container-support.yml

Hope it helps!
--
Giuseppe Capizzi

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#8591): https://lists.cloudfoundry.org/g/cf-dev/message/8591
Mute This Topic: https://lists.cloudfoundry.org/mt/31269711/474226
Group Owner: [hidden email]
Unsubscribe: https://lists.cloudfoundry.org/g/cf-dev/leave/920759/1741049355/xyzzy  [[hidden email]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] How to run strace within cf droplet

gschoep
Thanks, I'll keep that as a note, I got one of our CF  admins to help out and we ended up figuring out the issue with tcpdump(not inside the droplet). It looked to be that our Firewall was dropping a DNS request packet, due to a possible bug in the cflinuxfs2 stack. We are upgrading to cflinuxfs3 shortly, as well as moving to a DNS that isn't outside our firewall. So we think both will fix the problem.
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8593) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_