[lttng-dev] Userspace tracing in docker containers
eqbalzee at gmail.com
Mon Apr 5 14:09:39 EDT 2021
I am trying to get user space tracing working for an application running in
a docker container. I am running lttng session daemon in another container.
I mounted the unix socket locations (either /var/run/lttng for root or
$HOME/.lttng for another user). By doing that I can run commands like lttng
create or lttng list <session-name>, but the tracepoint events from the
application don't get registered and there is no trace output.
I enabled LTTNG_UST_DEBUG an ran lttng-sessiond in verbose mode (-vvv and
--verbose-consumer) and got the following error message:
"*Unix socket credential pid=0. Refusing application in distinct,
non-nested pid namespace.*"
It appears that for some calls to the session daemon there is a getsockopt
syscall made with *SO_PEERCRED* which returns 0 for pid and the call is
failed with *LTTNG_UST_ERR_PEERCRED_PID* error (see get_cred call in
If I comment out the getsockopt call, my application tracing starts to work.
>From what I found, docker cannot support getsockopt/SO_PEERCRED call to get
peer pid on the unix socket which would make sense as it's in a separate
I have a few questions on this:
1. What is the reason for the get_cred/getsockopt call with SO_PEERCRED? I
would like to understand why it's required for some and not other calls.
2. Is there any workaround for this problem, so that I can get this to work
with the container topology I am working with (app in one container and
lttng daemons in another).
3. Related to 2, are there any gotchas to bypassing the getsockopt call in
Appreciate your help regarding this.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the lttng-dev