Debugging applications that run on Ubuntu (ptrace restriction)

Note: The following topic applies to applications running on the following platforms - Ubuntu, RedHat v7.5 and newer, and when using Docker on Ubuntu and Windows platforms.

By default, on Ubuntu, a process can only attach to another process if it has a predefined relationship with it. An example would be a parent process that has started a child process. This is a restriction to ptrace and is valid for non-root users only. It is designed to ensure higher security to malware attacks. The root user can still attach to any process.

This affects unsolicited Dynamic Attachment debugging.

This behaviour is defined by the sysctl value in /proc/sys/kernel/yama/ptrace_scope, which is set to 1, by default.

To relax the restriction and allow processes to attach to other processes, this value must be set to 0. This allows processes that have the same user id to attach to each other. Execute the following to remove the restriction:

sudo sh << END
echo 0 > /proc/sys/kernel/yama/ptrace_scope

The following table shows which debugging methods need you to do this:

Debugging method sysctl value in ptrace_scope
anim <prog> Either 0 or 1
COBSW=+A <prog> Either 0 or 1
anim <pid> Must be 0
cobanimsrv Either 0 or 1
CBL_DEBUG_START Either 0 or 1
debug_on_error tunable Either 0 or 1
core_on_error tunable Either 0 or 1
stackdump_on_error tunable Either 0 or 1
Remote debugging using Eclipse Either 0 or 1
Debugging using remote attach to process with Eclipse (attach to PID) Must be 0

For more on the ptrace restriction, check the Ubuntu documentation.