四川少bbb搡bbb爽爽爽,熟妇人妻av无码一区二区三区

問題

docker里運行gdb，打了斷點，卻無法進入斷點

原因

docker為了保證主機安全，docker開了很多安全設置，其中包括ASLR（Address space layout randomization），即docker里的內存地址和主機內存地址是不一樣的。

ASLR會導致GDB這種依賴地址的程序無法正常運作。

解決方法

使用docker的超級權限，加入--privileged(兩個橫線,markdown語法

如：

docker run --privileged ……

GDB即可正常運作

超級權限會關閉很多安全設置，可以更充分的使用docker能力

例如，docker里再開docker都可以了，呵呵。

補充知識：docker ptrace: Operation not permitted. 處理方法

docker中gdb在進行進程debug時，會報錯：

(gdb) attach 30721

Attaching to process 30721

ptrace: Operation not permitted.

原因就是因為ptrace被Docker默認禁止的問題?？紤]到應用分析的需要，可以有以下幾種方法解決：

1、關閉seccomp

docker run --security-opt seccomp=unconfined

2、采用超級權限模式

docker run --privileged

3、僅開放ptrace限制

docker run --cap-add sys_ptrace

當然從安全角度考慮，如只是想使用gdb進行debug的話，建議使用第三種。

安全計算模式（secure computing mode，seccomp）是 Linux 內核功能，可以使用它來限制容器內可用的操作。

Docker 的默認 seccomp 配置文件是一個白名單，它指定了允許的調用。

下表列出了由于不在白名單而被有效阻止的重要（但不是全部）系統(tǒng)調用。該表包含每個系統(tǒng)調用被阻止的原因。

Syscall	Description
acct	Accounting syscall which could let containers disable their own resource limits or process accounting. Also gated by CAP_SYS_PACCT.
add_key	Prevent containers from using the kernel keyring, which is not namespaced.
adjtimex	Similar to clock_settime and settimeofday, time/date is not namespaced. Also gated by CAP_SYS_TIME.
bpf	Deny loading potentially persistent bpf programs into kernel, already gated by CAP_SYS_ADMIN.
clock_adjtime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
clock_settime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
clone	Deny cloning new namespaces. Also gated by CAP_SYS_ADMIN for CLONE_* flags, except CLONE_USERNS.
create_module	Deny manipulation and functions on kernel modules. Obsolete. Also gated by CAP_SYS_MODULE.
delete_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
finit_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
get_kernel_syms	Deny retrieval of exported kernel and module symbols. Obsolete.
get_mempolicy	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
init_module	Deny manipulation and functions on kernel modules. Also gated by CAP_SYS_MODULE.
ioperm	Prevent containers from modifying kernel I/O privilege levels. Already gated by CAP_SYS_RAWIO.
iopl	Prevent containers from modifying kernel I/O privilege levels. Already gated by CAP_SYS_RAWIO.
kcmp	Restrict process inspection capabilities, already blocked by dropping CAP_PTRACE.
kexec_file_load	Sister syscall of kexec_load that does the same thing, slightly different arguments. Also gated by CAP_SYS_BOOT.
kexec_load	Deny loading a new kernel for later execution. Also gated by CAP_SYS_BOOT.
keyctl	Prevent containers from using the kernel keyring, which is not namespaced.
lookup_dcookie	Tracing/profiling syscall, which could leak a lot of information on the host. Also gated by CAP_SYS_ADMIN.
mbind	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
mount	Deny mounting, already gated by CAP_SYS_ADMIN.
move_pages	Syscall that modifies kernel memory and NUMA settings.
name_to_handle_at	Sister syscall to open_by_handle_at. Already gated by CAP_SYS_NICE.
nfsservctl	Deny interaction with the kernel nfs daemon. Obsolete since Linux 3.1.
open_by_handle_at	Cause of an old container breakout. Also gated by CAP_DAC_READ_SEARCH.
perf_event_open	Tracing/profiling syscall, which could leak a lot of information on the host.
personality	Prevent container from enabling BSD emulation. Not inherently dangerous, but poorly tested, potential for a lot of kernel vulns.
pivot_root	Deny pivot_root, should be privileged operation.
process_vm_readv	Restrict process inspection capabilities, already blocked by dropping CAP_PTRACE.
process_vm_writev	Restrict process inspection capabilities, already blocked by dropping CAP_PTRACE.
ptrace	Tracing/profiling syscall, which could leak a lot of information on the host. Already blocked by dropping CAP_PTRACE.
query_module	Deny manipulation and functions on kernel modules. Obsolete.
quotactl	Quota syscall which could let containers disable their own resource limits or process accounting. Also gated by CAP_SYS_ADMIN.
reboot	Don't let containers reboot the host. Also gated by CAP_SYS_BOOT.
request_key	Prevent containers from using the kernel keyring, which is not namespaced.
set_mempolicy	Syscall that modifies kernel memory and NUMA settings. Already gated by CAP_SYS_NICE.
setns	Deny associating a thread with a namespace. Also gated by CAP_SYS_ADMIN.
settimeofday	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
socket, socketcall	Used to send or receive packets and for other socket operations. All socket and socketcall calls are blocked except communication domains AF_UNIX, AF_INET, AF_INET6, AF_NETLINK, and AF_PACKET.
stime	Time/date is not namespaced. Also gated by CAP_SYS_TIME.
swapon	Deny start/stop swapping to file/device. Also gated by CAP_SYS_ADMIN.
swapoff	Deny start/stop swapping to file/device. Also gated by CAP_SYS_ADMIN.
sysfs	Obsolete syscall.
_sysctl	Obsolete, replaced by /proc/sys.
umount	Should be a privileged operation. Also gated by CAP_SYS_ADMIN.
umount2	Should be a privileged operation. Also gated by CAP_SYS_ADMIN.
unshare	Deny cloning new namespaces for processes. Also gated by CAP_SYS_ADMIN, with the exception of unshare –user.
uselib	Older syscall related to shared libraries, unused for a long time.
userfaultfd	Userspace page fault handling, largely needed for process migration.
ustat	Obsolete syscall.
vm86	In kernel x86 real mode virtual machine. Also gated by CAP_SYS_ADMIN.
vm86old	In kernel x86 real mode virtual machine. Also gated by CAP_SYS_ADMIN.

以上這篇解決docker使用GDB,無法進入斷點的問題就是小編分享給大家的全部內容了，希望能給大家一個參考，也希望大家多多支持本站。

版權聲明：本站文章來源標注為YINGSOO的內容版權均為本站所有，歡迎引用、轉載，請保持原文完整并注明來源及原文鏈接。禁止復制或仿造本網(wǎng)站，禁止在非maisonbaluchon.cn所屬的服務器上建立鏡像，否則將依法追究法律責任。本站部分內容來源于網(wǎng)友推薦、互聯(lián)網(wǎng)收集整理而來，僅供學習參考，不代表本站立場，如有內容涉嫌侵權，請聯(lián)系alex-e#qq.com處理。

kernel-headers下載

kernel-headers-2.2.1-4

找不到config.inc.php 沒有config.inc.php這個文件

libtcl8.3下載|無法找到libtcl8.3

libmysqlclient.so.10無法找到

Linux+Apache+PHP+MySQL+Zend Optimizer+PHPMyAdmin

Zlib是什么?|Zlib的作用是什么?|Zlib有什么作用?

glibc安裝錯誤|glibc安裝出錯

什么是glibc?glibc是什么?什么是freetype?freetype是什么?什么是?Xlib是什么?什么是lo

ERROR 1045 (28000): Access denied for user root@localhost (using password: NO)