Strace on Docker Containers

While trying to work around a recent macOS limitation imposed on dtrace by System Integrity Protection (SIP), I found this useful little sjourdan/strace Docker container.

To demonstrate, say you are working in IRB in a container named foo:

$ docker run --name foo --rm -it ruby:2.3.3 irb
irb(main):001:0>

Then fire up another strace container:

$ docker run --rm -it --pid=container:foo --net=container:foo --cap-add sys_admin --cap-add sys_ptrace sjourdan/strace strace -f -e trace=open -p 1
strace: Process 1 attached with 2 threads

Go back to foo, and write to a file:

irb(main):004:0> File.open('test.txt', 'w+') { |f| f.write('tadaaa') }

And see on the strace container:

[pid     1] open("test.txt", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 9

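The strace container makes use of Docker's PID namespace sharing: --pid=container:foo places it in foo's PID namespace, which is why IRB can be traced there as PID 1. Check out its Dockerfile, which is very straightforward.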
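
As an added example (not part of the original post or the sjourdan/strace image), the Python filter below reads strace output like the lines shown above and keeps only successful opens with write intent, which is the usual reason to watch a container this way. It also accepts openat lines, since newer glibc versions implement open() through openat; the function name and all sample lines other than the two from the post are constructed.

```python
import re

# Complete open()/openat() lines from `strace -f`; the "[pid N]" prefix is optional.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'         # thread/process id added by -f
    r'(?:openat\([^",]+,\s*|open\()'           # openat carries a dirfd argument first
    r'"(?P<path>(?:[^"\\]|\\.)*)",\s*'         # quoted path, escaped characters allowed
    r'(?P<flags>[A-Z0-9_|x]+)'                 # O_* flags joined by |
    r'(?:,\s*[0-7]+)?\)\s*=\s*(?P<ret>-?\d+)'  # optional mode, then the return value
)

# Flags that signal the file may be created or modified.
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}


def written_files(lines):
    """Return (pid, path, flags) for each successful open with write intent."""
    hits = []
    for line in lines:
        m = OPEN_RE.match(line.strip())
        if m is None:                  # banners, other syscalls, "<unfinished ...>" halves
            continue
        if int(m.group("ret")) < 0:    # failed open: no file descriptor was returned
            continue
        flags = m.group("flags").split("|")
        if WRITE_FLAGS.intersection(flags):
            pid = int(m.group("pid")) if m.group("pid") else None
            hits.append((pid, m.group("path"), "|".join(flags)))
    return hits


# The first two lines are from the post; the rest are constructed sample data.
SAMPLE = """\
strace: Process 1 attached with 2 threads
[pid     1] open("test.txt", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 9
[pid     7] open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 10
[pid     1] open("/root/.irb_history", O_WRONLY|O_APPEND) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/tmp/out.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 3
[pid     7] open("/proc/self/status", O_RDONLY <unfinished ...>
""".splitlines()

if __name__ == "__main__":
    for pid, path, flags in written_files(SAMPLE):
        print(pid, path, flags)
```

Lines that strace splits into `<unfinished ...>` and `resumed` halves under -f are skipped rather than stitched back together, so a busy multi-threaded target can under-report.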