How to solve "ptrace operation not permitted" when trying to attach GDB to a process?

If you are using Docker, you will probably need these options:

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined

If you are using Podman, you will probably need its --cap-add option too:

podman run --cap-add=SYS_PTRACE

This is due to kernel hardening in Linux; you can disable this behavior by echo 0 > /proc/sys/kernel/yama/ptrace_scope or by modifying it in /etc/sysctl.d/10-ptrace.conf

See also this article about it in Fedora 22 (with links to the documentation) and this comment thread about Ubuntu and .


I would like to add that I needed --security-opt apparmor=unconfined along with the options that @wisbucky mentioned. This was on Ubuntu 18.04 (both Docker client and host). Therefore, the full invocation for enabling gdb debugging within a container is:

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined


Not really addressing the above use-case but I had this problem:

Problem: It happened that I started my program with sudo, so when launching gdb it was giving me ptrace: Operation not permitted.

Solution: sudo gdb ...


Just want to emphasize a related answer. Let's say that you're root and you've done:

strace -p 700

and get:

strace: attach: ptrace(PTRACE_SEIZE, 700): Operation not permitted

Check:

grep TracerPid /proc/700/status

If you see something like TracerPid: 12, i.e. not 0, that's the PID of the program that is already using the ptrace system call. Both gdb and strace use it, and there can only be one active at a time.
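A small diagnostic script that ties the answers above together, added here as an example rather than taken from any of them: it reads the Yama ptrace_scope value, checks whether the caller holds CAP_SYS_PTRACE, and reports the TracerPid of the target the way the grep above does. It assumes Linux with /proc mounted; the helper functions accept a status-file path so they can be exercised on constructed input.

```sh
#!/bin/sh
# Added diagnostic helper (not from the answers above). Assumes Linux with /proc; Yama may be absent.
# Print the TracerPid recorded in a /proc/<pid>/status-style file (0 = untraced).
tracer_pid() {
    awk '/^TracerPid:/ { print $2; exit }' "$1"
}
# Succeed if the effective capability set in a status file includes CAP_SYS_PTRACE
# (bit 19 of CapEff). Defaults to the current shell's own status file.
has_cap_sys_ptrace() {
    caps=$(awk '/^CapEff:/ { print $2; exit }' "${1:-/proc/self/status}")
    [ -n "$caps" ] && [ $(( 0x$caps & 0x80000 )) -ne 0 ]
}
# Describe a Yama ptrace_scope value; returns 1 for anything unknown.
describe_scope() {
    case "$1" in
        0) echo "0: classic; same-uid processes may attach" ;;
        1) echo "1: restricted; only descendants (or PR_SET_PTRACER targets) unless CAP_SYS_PTRACE" ;;
        2) echo "2: admin-only; attaching needs CAP_SYS_PTRACE" ;;
        3) echo "3: no attach at all; cannot be relaxed without a reboot" ;;
        *) echo "unknown ptrace_scope value: $1" >&2; return 1 ;;
    esac
}
# Report "busy:<tracer>" if the target already has a tracer, else "free".
# $1 = pid, $2 = optional status file path (lets tests run without a live pid).
attach_state() {
    status_file="${2:-/proc/$1/status}"
    [ -r "$status_file" ] || { echo "no-such-process"; return 1; }
    t=$(tracer_pid "$status_file")
    if [ "${t:-0}" -ne 0 ]; then echo "busy:$t"; else echo "free"; fi
}
# Put it together for a live pid: scope, own capability, and tracer status.
diagnose() {
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        describe_scope "$(cat /proc/sys/kernel/yama/ptrace_scope)"
    else
        echo "Yama not present: only uid and capability checks apply"
    fi
    has_cap_sys_ptrace && echo "tracer has CAP_SYS_PTRACE" || echo "tracer lacks CAP_SYS_PTRACE"
    state=$(attach_state "$1") || { echo "pid $1 not found"; return 1; }
    case "$state" in
        busy:*) echo "pid $1 is already traced by pid ${state#busy:}; only one tracer at a time" ;;
        *)      echo "pid $1 has no tracer; if attach still fails, check uid match and the scope above" ;;
    esac
}
if [ $# -eq 1 ]; then diagnose "$1"; fi
```

Run it as `sh ptrace-check.sh 700` (hypothetical file name) against the pid you are trying to attach to; a "busy" line means another tracer must detach first, while a scope of 2 or 3 or a missing CAP_SYS_PTRACE explains the failure inside containers without the --cap-add option.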