> So, I have a strange problem going on in my CF container. I can "cf ssh appname" into it and reproduce it with command line. I was hoping to run strace on it, but when I run it I get
> "PTRACE_TRACEME doesn't work: Operation not permitted"
This is expected, as we drop the `CAP_SYS_PTRACE` capability for our
unprivileged containers, and every container created through `cf push`
is unprivileged by default.
> This is a dev instance, I don't mind if I break things. Is there a way to enable PTRACE_TRACEME so I can run strace?
You *could* enable privileged containers, see the dedicated
cf-deployment opsfile  for details.
Thanks, I'll keep that as a note, I got one of our CF admins to help out and we ended up figuring out the issue with tcpdump(not inside the droplet). It looked to be that our Firewall was dropping a DNS request packet, due to a possible bug in the cflinuxfs2 stack. We are upgrading to cflinuxfs3 shortly, as well as moving to a DNS that isn't outside our firewall. So we think both will fix the problem.