Many a time you feel the need to debug a process running inside the container with gdb (or anything that uses ptrace). It is not as straightforward (at least for now) as attaching gdb to host pid of the container process or to docker client/daemon.
You can go about in following ways:
- If you try to attach gdb to the hostpid (let us call it HPID) of the container process (ie. PID in host namespace), it gives following warning:
- You can install gdb in container beforehand or with docker exec and attach to the process. However, for a non-privileged container or one which doesn’t have CAP_SYS_PTRACE capability this won’t work. You will get ‘Permission denied’ otherwise. More info on capabilities with docker here.
Any of the following will do:
docker run -d -i --cap-add sys_ptrace ---name box centos:centos7 sleep 100000 docker run -d -i --privileged --name box centos:centos7 sleep 100000
Continue reading “Debugging docker containers with gdb and nsenter.”