
Keep getting ptrace: Operation not permitted when trying to attach to a process in a docker container


I am running a Flask application in a python:3.8-alpine docker container. I am trying to set up remote debugging in VS Code using debugpy, and my dockerfile ends with:

CMD [ "gunicorn","app:create_app()","--bind","0.0.0.0:8000" ]
RUN python -m debugpy --listen 0.0.0.0:5678 --log-to-stderr --pid 1

In my docker compose, I have

  api:
    container_name: gamersplane-api
    build:
      context: ./api
    volumes:
      - ./api:/usr/src/app
    command: gunicorn app:create_app() --bind 0.0.0.0:8000 --reload --timeout 600
    ports:
      - 8000:8000
      - 5678:5678
    env_file:
      - ./.env
    restart: always
    stdin_open: true
    tty: true
    privileged: true
    cap_add:
      - SYS_PTRACE
    security_opt:
      - seccomp:unconfined

But every time I build, I get this error

I+00000.010: Initial environment:
            
            System paths:
                sys.prefix: /usr/local
                sys.base_prefix: /usr/local
                sys.real_prefix: <missing>
                site.getsitepackages(): /usr/local/lib/python3.8/site-packages
                site.getusersitepackages(): /root/.local/lib/python3.8/site-packages
                sys.path (site-packages): /usr/local/lib/python3.8/site-packages
                sysconfig.get_path('stdlib'): /usr/local/lib/python3.8
                sysconfig.get_path('platstdlib'): /usr/local/lib/python3.8
                sysconfig.get_path('purelib'): /usr/local/lib/python3.8/site-packages
                sysconfig.get_path('platlib'): /usr/local/lib/python3.8/site-packages
                sysconfig.get_path('include'): /usr/local/include/python3.8
                sysconfig.get_path('scripts'): /usr/local/bin
                sysconfig.get_path('data'): /usr/local
                os.__file__: /usr/local/lib/python3.8/os.py
                threading.__file__: /usr/local/lib/python3.8/threading.py

I+00000.010: sys.argv before parsing: ['/usr/local/lib/python3.8/site-packages/debugpy/__main__.py','--listen','0.0.0.0:5678','--log-to-stderr','--pid','1']
                    after parsing:  ['/usr/local/lib/python3.8/site-packages/debugpy/__main__.py']

I+00000.010: Attaching to process with PID=1

I+00000.010: Code to be injected: 
            import codecs;
            import json;
            import sys;
            decode = lambda s: codecs.utf_8_decode(bytearray(s))[0] if s is not None else None;
            script_dir = decode([47,117,115,114,47,108,111,99,97,105,98,112,121,116,104,110,51,46,56,101,45,107,103,100,118,114]);
            setup = json.loads(decode([123,34,109,58,32,44,91,48,53,54,55,93,119,95,102,125]));
            sys.path.insert(0,script_dir);
            import attach_pid_injected;
            del sys.path[0];
            attach_pid_injected.attach(setup);
            

I+00000.011: Injecting code into process with PID=1 ...

Attaching with arch: i386:x86-64
Running: gdb --nw --nh --nx --pid 1 --batch --eval-command='set scheduler-locking off' --eval-command='set architecture i386:x86-64' --eval-command='call (void*)dlopen("/usr/local/lib/python3.8/site-packages/debugpy/_vendored/pydevd/pydevd_attach_to_process/attach_linux_amd64.so",2)' --eval-command='call (int)DoAttach(0,"import codecs;import json;import sys;decode = lambda s: codecs.utf_8_decode(bytearray(s))[0] if s is not None else None;script_dir = decode([47,114]);setup = json.loads(decode([123,125]));sys.path.insert(0,script_dir);import attach_pid_injected;del sys.path[0];attach_pid_injected.attach(setup);",0)'
Running gdb in target process.
stdout: b'The target architecture is set to "i386:x86-64".\n'
stderr: b'ptrace: Operation not permitted.\nTarget \'None\' cannot support this command.\nNo symbol table is loaded.  Use the "file" command.\nNo symbol table is loaded.  Use the "file" command.\n'
I+00000.103: Code injection into PID=1 completed.

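And I can't attach from VS Code. If I use the module approach (e.g., importing and setting up debugpy), it works. Other sites/SO questions suggest that cap_add and security_opt are what I need, but they don't solve the problem at hand.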
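
Added example, not part of the original question: a Python check that reads the Linux settings that gate ptrace in whichever environment the attach is attempted (CAP_SYS_PTRACE in the effective capability set, the seccomp mode, and Yama's ptrace_scope). The function names and the sample status text are constructed for illustration.

```python
CAP_SYS_PTRACE = 19  # bit index of CAP_SYS_PTRACE in linux/capability.h
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed sample of /proc/<pid>/status fields, for illustration only.
SAMPLE_STATUS = "Name:\tpython\nCapEff:\t00000000a80425fb\nSeccomp:\t2\n"

def parse_status(text):
    """Return the 'Key: value' lines of /proc/<pid>/status as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def ptrace_report(status_text, yama_scope):
    """Summarise what gates PTRACE_ATTACH for the process described.

    yama_scope is the integer in /proc/sys/kernel/yama/ptrace_scope,
    or None when the Yama LSM is not present.
    """
    fields = parse_status(status_text)
    has_cap = bool((int(fields.get("CapEff", "0"), 16) >> CAP_SYS_PTRACE) & 1)
    seccomp = int(fields.get("Seccomp", "0"))
    blockers = []
    if yama_scope == 3:
        blockers.append("yama ptrace_scope=3: attach is disabled for everyone")
    elif yama_scope in (1, 2) and not has_cap:
        # Scope 1 still lets a process trace its own descendants.
        blockers.append(f"yama ptrace_scope={yama_scope} without CAP_SYS_PTRACE")
    if seccomp == 1:
        blockers.append("seccomp strict mode: ptrace is not callable")
    elif seccomp == 2:
        blockers.append("seccomp filter active: the profile may deny ptrace")
    return {"cap_sys_ptrace": has_cap, "yama_scope": yama_scope,
            "seccomp": SECCOMP_MODES.get(seccomp, "unknown"), "blockers": blockers}

def read_live():
    """Build the report for the current process from /proc (Linux only)."""
    with open("/proc/self/status") as fh:
        status = fh.read()
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as fh:
            scope = int(fh.read())
    except OSError:
        scope = None
    return ptrace_report(status, scope)

if __name__ == "__main__":
    print(read_live())
```

`RUN` instructions execute at image build time, whereas `cap_add`, `security_opt` and `privileged` in the compose file apply to the running container, so the report can differ between the two environments.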
