Is lowering ptrace_scope dangerous?

On development machines, setting it to 0 is acceptable. On production servers, it allows any user to inspect other users' processes, potentially leaking sensitive data. Use sudo strace instead of lowering the scope on production.

What alternatives exist to strace?

bpftrace offers similar tracing with less overhead. perf trace is another option. ltrace traces library calls instead of system calls. For specific needs: tcpdump for network, inotifywait for file, and auditd for security auditing.

strace Permission Denied — ptrace Scope Restricted for Process Tracing

Informationalsystem

Overview

Fix strace 'Operation not permitted' errors caused by Yama ptrace scope restrictions preventing non-root users from tracing processes on Linux.

Key Details

strace traces system calls made by processes — essential for debugging application behavior
ptrace (process trace) is the kernel feature that strace uses to intercept system calls
Yama LSM (Linux Security Module) controls ptrace access through kernel.yama.ptrace_scope
Default ptrace_scope is 1 (restricted) which only allows tracing child processes
Attaching strace to already-running processes requires ptrace_scope 0 or root privileges

Common Causes

Yama ptrace_scope set to 1 or higher, restricting process attachment
Trying to strace a process not started by the current user
Container security context blocking ptrace system call
AppArmor or SELinux policy denying ptrace access

Steps

1Use strace to start the process: 'strace -f -o trace.log ./my-program' (traces child processes too)
2For attaching to existing process with root: 'sudo strace -p PID'
3Temporarily allow: 'echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope'
4Persist setting: add 'kernel.yama.ptrace_scope = 0' to /etc/sysctl.conf (security trade-off)
5In containers: add --cap-add SYS_PTRACE to docker run or add SYS_PTRACE capability to pod spec

Related Items

linux-perf-tool-no-permission-denied

More in System

windows-C000021A-status-system-process-terminatedWindows Error 0xC000021A — STATUS SYSTEM PROCESS TERMINATED

Critical

windows-C0000225-boot-configuration-errorWindows Error 0xC0000225 — Boot Configuration Error

Critical

windows-C000000F-boot-selection-failedWindows Error 0xC000000F — Boot Selection Failed

Critical

windows-80004005-unspecified-errorWindows Error 0x80004005 — Unspecified Error

Warning

windows-80070570-file-or-directory-corruptedWindows Error 0x80070570 — File or Directory Corrupted

Error

windows-system-0xc0000185Windows Error 0xC0000185 — Boot Device Inaccessible

Critical

Frequently Asked Questions

Only a parent process can ptrace its children. You can strace a process you launch but cannot attach to an already-running process (even if you own it). This prevents malicious processes from inspecting other processes.

strace Permission Denied — ptrace Scope Restricted for Process Tracing

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in System

Frequently Asked Questions