How to solve “ptrace operation not permitted” when trying to attach GDB to a process?

予麋鹿 2020-11-30 18:28

I'm trying to attach a program with gdb but it returns:

Attaching to process 29139
Could not attach to process. If your uid matches the ui

13 answers
  • 2020-11-30 19:13

    I have faced the same problem and tried a lot of solutions, and finally I found the solution, but I really don't know what the problem was. First I modified the ptrace_conf value and logged into Ubuntu as root, but the problem still appeared. But the strangest thing that happened is that gdb showed me a message that says:

    Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user.
    For more details, see /etc/sysctl.d/10-ptrace.conf warning: process 3767 is already traced by process 3755 ptrace: Operation not permitted.

    With the ps command in the terminal, process 3755 was not listed.

    I found process 3755 in /proc/$pid but I don't understand what it was!!

    Finally, I deleted the target file (foo.c) that I was trying to attach to via gdb and a tracer C program using the PTRACE_ATTACH syscall, and in another folder I created another C program and compiled it.

    The problem was solved and I was able to attach to another process either by gdb or the ptrace_attach syscall.

    (gdb) attach 4416

    Attaching to process 4416

    and I sent a lot of signals to process 4416. I tested it with both gdb and ptrace; both of them ran correctly.

    I really don't know what the problem was, but I think it is not a bug in Ubuntu, as a lot of sites have referred to it, such as https://askubuntu.com/questions/143561/why-wont-strace-gdb-attach-to-a-process-even-though-im-root

    0 Comments (0)
  • 2020-11-30 19:17

    This is due to kernel hardening in Linux; you can disable this behavior by echo 0 > /proc/sys/kernel/yama/ptrace_scope or by modifying it in /etc/sysctl.d/10-ptrace.conf

    See also this article about it in Fedora 22 (with links to the documentation) and this comment thread about Ubuntu and .

    0 Comments (0)
  • 2020-11-30 19:18

    Maybe someone has attached this process with gdb.

    • ps -ef | grep gdb

    gdb can't attach to the same process twice.

    0 Comments (0)
  • 2020-11-30 19:20

    Just want to emphasize a related answer. Let's say that you're root and you've done:

    strace -p 700
    

    and get:

    strace: attach: ptrace(PTRACE_SEIZE, 700): Operation not permitted
    

    Check:

    cat /proc/700/status | grep TracerPid
    

    If you see something like TracerPid: 12, i.e. not zero, that's the PID of the program that is already using the ptrace system call. Both gdb and strace use it, and there can only be one active at a time.

    0 Comments (0)
  • 2020-11-30 19:20

    Extra information

    If you wanna make changes in the interfaces, such as adding the OVS bridge, you must use --privileged instead of --cap-add NET_ADMIN.

    sudo docker run -itd --name=testliz --privileged --cap-add=SYS_PTRACE --security-opt seccomp=unconfined ubuntu
    
    0 Comments (0)
  • 2020-11-30 19:21

    I don't know what you are doing with LD_PRELOAD or your ptrace function.

    Why don't you try attaching gdb to a very simple program? Make a program that simply repeatedly prints Hello or something and use gdb --pid [hello program PID] to attach to it.

    If that does not work then you really do have a problem.

    Another issue is the user ID. Is the program that you are tracing setting itself to another UID? If it is then you cannot ptrace it unless you are using the same user ID or are root.

    0 Comments (0)
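The checks suggested across the answers above (Yama `ptrace_scope`, a non-zero `TracerPid`, and a UID mismatch) combined into one diagnostic function, as an added example that is not part of any answer. The function name `ptrace_diag`, its optional `PROC_ROOT` and `MY_UID` arguments, and the output strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. ptrace_diag PID [PROC_ROOT] [MY_UID]
# PROC_ROOT and MY_UID are hypothetical test hooks; defaults are /proc and `id -u`.
# Prints one line per likely blocker; returns 0 if none found, 1 if any, 2 if no such PID.
ptrace_diag() {
    pid=$1; proc=${2:-/proc}; me=${3:-$(id -u)}
    status="$proc/$pid/status"
    if [ ! -r "$status" ]; then echo "no-such-process"; return 2; fi
    rc=0

    # Non-zero TracerPid: gdb/strace (or another tracer) already holds the process.
    tracer=$(awk '$1 == "TracerPid:" { print $2 }' "$status")
    if [ "${tracer:-0}" -ne 0 ]; then
        echo "already-traced-by=$tracer"; rc=1
    fi

    # "Uid:" lists real, effective, saved, fs UIDs. A non-root caller must match
    # the first three (simplification: GIDs and the dumpable flag are not checked).
    uids=$(awk '$1 == "Uid:" { print $2, $3, $4 }' "$status")
    if [ "$me" -ne 0 ] && [ "$uids" != "$me $me $me" ]; then
        echo "uid-mismatch target=[$uids] self=$me"; rc=1
    fi

    # Yama scope; the file is absent when Yama is not enabled (treated as 0).
    # Assumption: UID 0 holds CAP_SYS_PTRACE, which may not hold in a container.
    scope=0
    if [ -r "$proc/sys/kernel/yama/ptrace_scope" ]; then
        scope=$(cat "$proc/sys/kernel/yama/ptrace_scope")
    fi
    if [ "$scope" -eq 3 ]; then
        echo "yama-scope=3 attach disabled for all users"; rc=1
    elif [ "$scope" -ge 1 ] && [ "$me" -ne 0 ]; then
        echo "yama-scope=$scope non-root attach restricted"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "no-obvious-blocker"; fi
    return "$rc"
}

# Run directly as: sh ptrace_diag.sh 29139
if [ "$#" -gt 0 ]; then ptrace_diag "$@"; fi
```

With scope 1, a non-root user can still trace its own descendants, so starting the program under gdb instead of attaching works without changing the sysctl.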