GDB problems inside docker

With docker version Docker version 1.1.0, build 79812e3 on Ubuntu 13.04, and using the docker container created by:

# docker build -t gdb_problem_testing - < THIS_FILE
FROM ubuntu
RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y build-essential gdb

Doing this:

  • Docker environment for two similar projects
  • Docker: Is it necessary to mount a new partition
  • How to launch AVD while keep running docker
  • How to specify static ip address for multiple overlay networks in Docker
  • replica set in MongoDB using docker, primary has error and stops being primary when another member is added to the set
  • Run app inside docker container as non-root user with capabilities
  • user@host $ sudo docker run --rm -it --user=root gdb_problem_testing su root -c bash
    root@690396061e81:/# cat <<EOF > test.c && gcc -ggdb test.c -o test && gdb -ex run test
    > #include <stdio.h>
    >
    > int main(int argc, char **argv) {
    >     printf("Hello\n!");
    > }
    > EOF
    GNU gdb (Ubuntu/Linaro 7.4-2012.02-0ubuntu2) 7.4-2012.02
    Copyright (C) 2012 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    For bug reporting instructions, please see:
    <http://bugs.launchpad.net/gdb-linaro/>...
    Reading symbols from /test...done.
    Starting program: /test
    user@host $
    

    DOES NOT RUN THE PROGRAM. gdb just up and quits. Notice on the last line that I even got booted from the docker container and didn’t return to the bash prompt (!)

    I have not been able to reproduce this in a non-docker environment (su <some_user> -c bash etc).

    This problem does not occur if I do not su <some_user> -c bash but instead just use bash. For various reasons, su must be used, mainly because it’s the only way I’ve found to be able to enforce ulimits for a specific user in a docker container.

    Why won’t gdb work in this situation??

    EDIT

    copy-pastable command to run in docker container:

    cat <<EOF > test.c && gcc -ggdb test.c -o test && gdb -ex run test
    #include <stdio.h>
    
    int main(int argc, char **argv) {
        printf("Hello\n!");
    }
    EOF
    

    UPDATE

    Just to show that it’s the su command in a docker container that’s messing things up, below is the output of doing the same thing with bash instead of su root -c bash:

    user@host $ sudo docker run --rm -it --user=root gdb_problem_testing bash
    root@ce1581184f7a:/# cat <<EOF > test.c && gcc -ggdb test.c -o test && gdb -ex run test
    > #include <stdio.h>
    >
    > int main(int argc, char **argv) {
    >     printf("Hello\n!");
    > }
    > EOF
    GNU gdb (Ubuntu/Linaro 7.4-2012.02-0ubuntu2) 7.4-2012.02
    Copyright (C) 2012 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    For bug reporting instructions, please see:
    <http://bugs.launchpad.net/gdb-linaro/>...
    Reading symbols from /test...done.
    Starting program: /test
    warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
    Hello
    ![Inferior 1 (process 17) exited with code 07]
    (gdb)
    

    Notice how the program actually ran (printed “Hello”) and I stayed in gdb and in the docker container.

  • docker images access issue
  • Docker: give a random port mapping only to certain ports
  • Why I can't find ip_vs module or use ipvsadm when I add privileged
  • Knife Container issue
  • Add -f parameter when running Docker Toolbox
  • Docker missing log4net ConsoleAppender logs
  • One Solution collect form web for “GDB problems inside docker”

    This is due to apparmor. I have a solution but it needs to be applied after each boot.

    The trick is to tell apparmor to ‘complain’ about security violations rather than block them. This isn’t the most secure workaround, I’d really like to find a better way to deal with it (like only allow ptrace and whatever else GDB requires).

    To tell apparmor to complain, you need to change the line in /etc/apparmor.d/docker from:

    profile docker-default flags=(attach_disconnected,mediate_deleted) {
    

    to:

    profile docker-default flags=(attach_disconnected,mediate_deleted,complain) {
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.