-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failure to read symbols inside docker-container due to broken /proc/pid/exe link #307
Comments
I also have issues running magic-trace on docker targets, but specifically Java. The below was a failed attempt to make magic-trace open the link rather than resolving it. I realized that it didn't work after posting here. I looked a bit into this for native apps to see if the readlink could be the source of my problems. but for my c++ apps magic trace actually works fine both with and without opening I don't understand why the readlink command is there, maybe for good reason? here is a small c program and instructions to view the effects of not having readlink there. it works by intercepting the call to readlink and simply returning the same path that it got.
compile it like this
and then run magic trace with LD_PRELOAD
|
Note - after fixing it in mentioned place, there is a second place which needs fixing: Line 302 in 7ac635e
Filename_unix.realpath with Core_unix.readlink - this is needed because of subsequent filtering based on names from /proc/pid/maps
I originally missed this because while debugging I hard-copied binary to the same place on host that was in the docker. |
Thanks for digging into this, both of you.
Could you give an example of where It seems reasonable to me to have this patch upstream, but I'd like to understand the behavior change first. |
Hi. I encountered this problem while trying to trace binary inside docker-container.
The problem manifests as rather misleading
message which doesn't indicate failure to open the executable but strace helped here to find the root cause as running the binary outside of container worked well.
The reason is that
/proc/<pid>/exe
contains a path used to launch the process inside the container which means this path refers to directories inside the container. This symlink is not valid outside of the containerI believe the problem can be fixed by skipping
Core_unix.readlink
heremagic-trace/src/trace.ml
Line 722 in 7ac635e
/proc/<pid>/exe
.The text was updated successfully, but these errors were encountered: