Mac M1 Ptrace - warning: ptrace: Function not implemented

[HenryHoggard]

Expected behavior

• Should be able to debug binary using gdb in Docker container.
• The same Dockerfile and commands work on my older x86-64 mac, so either there is an issue with ptrace on Docker preview for M1 macs, or I'm doing something wrong.

Actual behavior

• Cannot debug due to ptrace being unavailable with the below error:

gdb /bin/echo
> run
Starting program: /bin/echo
warning: Could not trace the inferior process.
warning: ptrace: Function not implemented
During startup program exited with code 127.

Information

• macOS Version: 11.1 (20C69)
• Docker for Mac Preview 20.10.0 / 0.0.0
• MacBook Pro (13-inch, M1, 2020)
• Container: Linux b619d811f2eb 4.19.104-linuxkit #1 SMP PREEMPT Sat Feb 15 00:49:47 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Steps to reproduce the behavior

Dockerfile

FROM phusion/baseimage:master-amd64

ENV DEBIAN_FRONTEND noninteractive

RUN dpkg --add-architecture i386 && \
    apt-get -y update && \
    apt install -y \
    vim \
    python3-dev \
    python3-pip \
    build-essential \
    strace \
    ltrace \
    nasm \
    gdb \
    netcat \
    git \
    zsh \
    wget \
    sudo \
    tmux \
    unzip

RUN pip3 install \
    pwntools \
    angr \
    r2pipe

RUN git clone --depth 1 https://github.com/pwndbg/pwndbg && \
    cd pwndbg && chmod +x setup.sh && ./setup.sh

WORKDIR /gdb/

RUN wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh || true

CMD ["/bin/zsh"]

Run command:

docker run --rm -v $PWD:/gdb --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined -d --name gdbdocker --privileged -i gdbdocker

 docker exec -it --privileged gdbdocker /bin/zsh

I have also tried the following command inside Docker but it makes no difference:

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope

[camerondurham]

Apologies if this isn't the right place to ask these questions. Where could I learn about the version/11.1 release schedule and when gdb support would be added? Thanks so much!

EDIT I'll look out for the release schedule for the next M1 version which should answer my question.

[crand6]

Also unable to debug with GDB. Very interested in this as a feature.

[crand6]

Any comment about the timing or priority of this? I see the new tech preview was released on Feb 11, 2021 but this is still a blocking issue for me. I also tried installing the x86 Docker version, but even running that under Rosetta2 it fails to start. Any suggested workarounds are welcome. Thanks for any help.

[tower111]

I receive this problom too !! and i am alwalse see this problome. I hope can resolve it. It's important for me.

[lephuhung]

same problem, anyone solve this?

[cpuguy83]

The container is running in qemu (because amd64 is not native on M1), which does not implement ptrace.

GDB + qemu usage: https://qemu-project.gitlab.io/qemu/system/gdb.html

If you want to use strace, you can -e QEMU_STRACE=1 and it will trace everything for you.

[dagheyman]

I'm hitting this as well, trying to run gdb inside a linux/amd64 container started with --platform linux/amd64 and --cap-add=SYS_PTRACE on a M1.

[tower111]

I'm hitting this as well, trying to run gdb inside a linux/amd64 container started with --platform linux/amd64 and --cap-add=SYS_PTRACE on a M1.

I receive this error when run gdb

pwndbg: loaded 189 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from level0...
(No debugging symbols found in level0)
pwndbg> r
Starting program: /ctf/work/level0
warning: Error disabling address space randomization: Operation not permitted
warning: Could not trace the inferior process.
warning: ptrace: Function not implemented
During startup program exited with code 127.
pwndbg>

The container be build use follow command
docker run --cap-add=SYS_PTRACE -it --name pwn --platform linux/amd64 --network host -v /Users/tower/Documents/ctf:/ctf/work skysider/pwndocker tmux

What command were you run？？

This my docker

(base) ➜  ~ docker --version
Docker version 20.10.5, build 55c4c88

[cpuguy83]

I posted the solution here: #5191 (comment)

ptrace is not supported in qemu, so you have to do something different. Docs for using gdb with qemu are in the linked comment.

[HenryHoggard]

I posted the solution here: #5191 (comment)

ptrace is not supported in qemu, so you have to do something different. Docs for using gdb with qemu are in the linked comment.

This is not a solution, since strace is not a replacement for ptrace.

[cpuguy83]

The link tells you how to setup gdb with qemu.

[stephen-turner]

Closing this ticket. @cpuguy83 has explained (#5191 (comment)) why it cannot work. qemu emulation is only ever best-effort: the solution is to run arm64 containers on M1 hardware.

[crand6]

Any comment about the timing or priority of this? I see the new tech preview was released on Feb 11, 2021 but this is still a blocking issue for me. I also tried installing the x86 Docker version, but even running that under Rosetta2 it fails to start. Any suggested workarounds are welcome. Thanks for any help.

[tower111]

I receive this problom too !! and i am alwalse see this problome. I hope can resolve it. It's important for me.

[lephuhung]

same problem, anyone solve this?

[cpuguy83]

The container is running in qemu (because amd64 is not native on M1), which does not implement ptrace.

GDB + qemu usage: https://qemu-project.gitlab.io/qemu/system/gdb.html

If you want to use strace, you can -e QEMU_STRACE=1 and it will trace everything for you.

[dagheyman]

I'm hitting this as well, trying to run gdb inside a linux/amd64 container started with --platform linux/amd64 and --cap-add=SYS_PTRACE on a M1.

[tower111]

I'm hitting this as well, trying to run gdb inside a linux/amd64 container started with --platform linux/amd64 and --cap-add=SYS_PTRACE on a M1.

I receive this error when run gdb

pwndbg: loaded 189 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from level0...
(No debugging symbols found in level0)
pwndbg> r
Starting program: /ctf/work/level0
warning: Error disabling address space randomization: Operation not permitted
warning: Could not trace the inferior process.
warning: ptrace: Function not implemented
During startup program exited with code 127.
pwndbg>

The container be build use follow command
docker run --cap-add=SYS_PTRACE -it --name pwn --platform linux/amd64 --network host -v /Users/tower/Documents/ctf:/ctf/work skysider/pwndocker tmux

What command were you run？？

This my docker

(base) ➜  ~ docker --version
Docker version 20.10.5, build 55c4c88

[cpuguy83]

I posted the solution here: #5191 (comment)

ptrace is not supported in qemu, so you have to do something different. Docs for using gdb with qemu are in the linked comment.

[HenryHoggard]

I posted the solution here: #5191 (comment)

ptrace is not supported in qemu, so you have to do something different. Docs for using gdb with qemu are in the linked comment.

This is not a solution, since strace is not a replacement for ptrace.

[cpuguy83]

The link tells you how to setup gdb with qemu.

[stephen-turner]

Closing this ticket. @cpuguy83 has explained (#5191 (comment)) why it cannot work. qemu emulation is only ever best-effort: the solution is to run arm64 containers on M1 hardware.

[cpuguy83]

FYI, if you need to set options, you can set the relevant env var on the container.

-g port              QEMU_GDB          wait gdb connection to 'port'
-L path              QEMU_LD_PREFIX    set the elf interpreter prefix to 'path'
-s size              QEMU_STACK_SIZE   set the stack size to 'size' bytes
-cpu model           QEMU_CPU          select CPU (-cpu help for list)
-E var=value         QEMU_SET_ENV      sets targets environment variable (see below)
-U var               QEMU_UNSET_ENV    unsets targets environment variable (see below)
-0 argv0             QEMU_ARGV0        forces target process argv[0] to be 'argv0'
-r uname             QEMU_UNAME        set qemu uname release string to 'uname'
-B address           QEMU_GUEST_BASE   set guest_base address to 'address'
-R size              QEMU_RESERVED_VA  reserve 'size' bytes for guest virtual address space
-d item[,...]        QEMU_LOG          enable logging of specified items (use '-d help' for a list of items)
-dfilter range[,...] QEMU_DFILTER      filter logging based on address range
-D logfile           QEMU_LOG_FILENAME write logs to 'logfile' (default stderr)
-p pagesize          QEMU_PAGESIZE     set the host page size to 'pagesize'
-singlestep          QEMU_SINGLESTEP   run in singlestep mode
-strace              QEMU_STRACE       log system calls
-seed                QEMU_RAND_SEED    Seed for pseudo-random number generator
-trace               QEMU_TRACE        [[enable=]<pattern>][,events=<file>][,file=<file>]
-version             QEMU_VERSION      display version information and exit

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked