From fee40b18cbbf57d38443e77a7e0c7e7a2fada0fd Mon Sep 17 00:00:00 2001 From: Ben Frederickson Date: Thu, 21 Oct 2021 12:35:08 -0700 Subject: [PATCH] Warn about SYS_PTRACE when running in docker (#459) If we get a permissions denied error when running in docker, ask about the SYS_PTRACE capabality. Also only ask to run as sudo when we're not running as root already. --- src/main.rs | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index 5b36b0dd..1373951b 100644 --- a/src/main.rs +++ b/src/main.rs @@ -415,8 +415,26 @@ fn main() { #[cfg(unix)] { if permission_denied(&err) { - eprintln!("Permission Denied: Try running again with elevated permissions by going 'sudo env \"PATH=$PATH\" !!'"); - std::process::exit(1); + // Got a permission denied error, if we're not running as root - ask to use sudo + if unsafe { libc::geteuid() } != 0 { + eprintln!("Permission Denied: Try running again with elevated permissions by going 'sudo env \"PATH=$PATH\" !!'"); + std::process::exit(1); + } + + // We got a permission denied error running as root, check to see if we're running + // as docker, and if so ask the user to check the SYS_PTRACE capability is added + // Otherwise, fall through to the generic error handling + #[cfg(target_os="linux")] + if let Ok(cgroups) = std::fs::read_to_string("/proc/self/cgroup") { + if cgroups.contains("/docker/") { + eprintln!("Permission Denied"); + eprintln!("\nIt looks like you are running in a docker container. Please make sure \ + you started your container with the SYS_PTRACE capability. See \ + https://github.com/benfred/py-spy#how-do-i-run-py-spy-in-docker for \ + more details"); + std::process::exit(1); + } + } } }