Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn about SYS_PTRACE when running in docker #459

Merged
merged 1 commit into from
Oct 21, 2021
Merged

Warn about SYS_PTRACE when running in docker #459

merged 1 commit into from
Oct 21, 2021

Conversation

benfred
Copy link
Owner

@benfred benfred commented Oct 21, 2021

If we get a permissions denied error when running in docker, ask about the
SYS_PTRACE capabality. Also only ask to run as sudo when we're not running
as root already.

This will output

Permission Denied

It looks like you are running in a docker container. Please make sure you started your container with the SYS_PTRACE capability. See https://github.com/benfred/py-spy#how-do-i-run-py-spy-in-docker for more details

when running in docker as root, rather than Permission Denied: Try running again with elevated permissions by going 'sudo env "PATH=$PATH" !!'

@benfred
Warn about SYS_PTRACE when running in docker
fe44aff 
If we get a permissions denied error when running in docker, ask about the
SYS_PTRACE capabality. Also only ask to run as sudo when we're not running
as root already.
@benfred benfred merged commit fee40b1 into master Oct 21, 2021
@benfred benfred deleted the check_docker_perms branch October 21, 2021 19:35
Jongy
Jongy reviewed Oct 22, 2021
View reviewed changes
src/main.rs
// Otherwise, fall through to the generic error handling
#[cfg(target_os="linux")]
if let Ok(cgroups) = std::fs::read_to_string("/proc/self/cgroup") {
if cgroups.contains("/docker/") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This works in Docker but not in all containerized environments. I think it's better to test for the SYS_PTRACE capability itself here?

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thats a good point! We could test for the SYS_PTRACE cap directly using capget - or maybe using a crate like https://github.com/lucab/caps-rs

Copy link
Contributor

@Jongy Jongy Oct 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I was thinking about caps-rs

@benfred benfred mentioned this pull request Sep 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jongy Jongy Jongy left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benfred @Jongy