Commit a39e1a3
authored
Add SYS_PTRACE capabilities for core dumps (#7877)
## Summary of changes
In [some docker
tests](https://dev.azure.com/datadoghq/a51c4863-3eb4-4c5d-878a-58b41a049e4e/_apis/build/builds/191788/logs/21773),
we are not able to generate dumps:
```
2025-11-28T09:37:38.3389079Z 09:37:38 [DBG] Failed Datadog.Trace.Security.IntegrationTests.Iast.WeakCipherTests.IntegrationDisabled(variableName: "DD_TRACE_SymmetricAlgorithm_ENABLED", variableValue: "false") [3 s]
2025-11-28T09:37:38.3401898Z 09:37:38 [DBG] Error Message:
2025-11-28T09:37:38.3403074Z 09:37:38 [DBG] Datadog.Trace.TestHelpers.ExitCodeException+SIGSEGVExitCodeException : Expected exit code: 0, actual exit code: 139. Message: [createdump] Problem suspending threads: ptrace(ATTACH, 32164) FAILED Operation not permitted (1)
2025-11-28T09:37:38.3403704Z 09:37:38 [DBG] [createdump] Failure took 0ms
2025-11-28T09:37:38.3407175Z 09:37:38 [DBG] [createdump] Problem suspending threads: ptrace(ATTACH, 32169) FAILED Operation not permitted (1)
2025-11-28T09:37:38.3407637Z 09:37:38 [DBG] [createdump] Failure took 1123ms
2025-11-28T09:37:38.3407809Z 09:37:38 [DBG]
2025-11-28T09:37:38.3407968Z 09:37:38 [DBG] Stack Trace:
2025-11-28T09:37:38.3410247Z 09:37:38 [DBG] at Datadog.Trace.TestHelpers.ExitCodeException.Throw(Int32 actualExitCode, Int32 expectedExitCode, String message) in /project/tracer/test/Datadog.Trace.TestHelpers/ExitCodeException.cs:line 44
2025-11-28T09:37:38.3410558Z 09:37:38 [DBG] at Datadog.Trace.TestHelpers.ExitCodeException.ThrowIfNonExpected(Int32 actualExitCode, Int32 expectedExitCode, String message) in /project/tracer/test/Datadog.Trace.TestHelpers/ExitCodeException.cs:line 26
2025-11-28T09:37:38.3410951Z 09:37:38 [DBG] at Datadog.Trace.TestHelpers.TestHelper.WaitForProcessResult(ProcessHelper helper, Int32 expectedExitCode, Boolean dumpChildProcesses) in /project/tracer/test/Datadog.Trace.TestHelpers.AutoInstrumentation/TestHelper.cs:line 214
2025-11-28T09:37:38.3411325Z 09:37:38 [DBG] at Datadog.Trace.TestHelpers.TestHelper.RunSampleAndWaitForExit(MockTracerAgent agent, String arguments, String packageVersion, String framework, Int32 aspNetCorePort, Boolean usePublishWithRID, String dotnetRuntimeArgs) in /project/tracer/test/Datadog.Trace.TestHelpers.AutoInstrumentation/TestHelper.cs:line 174
2025-11-28T09:37:38.3413036Z 09:37:38 [DBG] at Datadog.Trace.Security.IntegrationTests.Iast.WeakCipherTests.IntegrationDisabled(String variableName, String variableValue) in /project/tracer/test/Datadog.Trace.Security.IntegrationTests/IAST/WeakCipher/WeakCipherTests.cs:line 73
2025-11-28T09:37:38.3413389Z 09:37:38 [DBG] --- End of stack trace from previous location ---
2025-11-28T09:37:38.3414486Z 09:37:38 [DBG] Standard Output Messages:
2025-11-28T09:37:38.3415065Z 09:37:38 [DBG] Platform: Arm64
2025-11-28T09:37:38.3415370Z 09:37:38 [DBG] TargetPlatform: ARM64
2025-11-28T09:37:38.3415632Z 09:37:38 [DBG] Configuration: Release
2025-11-28T09:37:38.3415920Z 09:37:38 [DBG] TargetFramework: net7.0
2025-11-28T09:37:38.3416770Z 09:37:38 [DBG] .NET Core: True
2025-11-28T09:37:38.3417492Z 09:37:38 [DBG] Native Loader DLL: /project/shared/bin/monitoring-home/linux-musl-arm64/Datadog.Trace.ClrProfiler.Native.so
2025-11-28T09:37:38.3418963Z 09:37:38 [DBG] Agent listener info: Traces at port 41605
2025-11-28T09:37:38.3419224Z 09:37:38 [DBG] Starting Application: /project/artifacts/bin/Samples.WeakCipher/release_net7.0/Samples.WeakCipher.dll
2025-11-28T09:37:38.3419393Z 09:37:38 [DBG] ProcessId: 32164
2025-11-28T09:37:38.3419650Z 09:37:38 [DBG] StandardOutput:
2025-11-28T09:37:38.3419841Z 09:37:38 [DBG] [createdump] Gathering state for process 32164 dotnet
2025-11-28T09:37:38.3420026Z 09:37:38 [DBG] [createdump] Crashing thread 7da4 signal 11 (000b)
2025-11-28T09:37:38.3425455Z 09:37:38 [DBG] [createdump] Gathering state for process 32164 dotnet
2025-11-28T09:37:38.3426504Z 09:37:38 [DBG] [createdump] Crashing thread 7db9 signal 11 (000b)
2025-11-28T09:37:38.3426945Z 09:37:38 [DBG] [createdump] Target process is alive
2025-11-28T09:37:38.3427216Z 09:37:38 [DBG] [createdump] Target process is alive
2025-11-28T09:37:38.3428201Z 09:37:38 [DBG]
2025-11-28T09:37:38.3429174Z 09:37:38 [DBG] StandardError:
2025-11-28T09:37:38.3429870Z 09:37:38 [DBG] [createdump] Problem suspending threads: ptrace(ATTACH, 32164) FAILED Operation not permitted (1)
2025-11-28T09:37:38.3430686Z 09:37:38 [DBG] [createdump] Failure took 0ms
2025-11-28T09:37:38.3431037Z 09:37:38 [DBG] [createdump] Problem suspending threads: ptrace(ATTACH, 32169) FAILED Operation not permitted (1)
2025-11-28T09:37:38.3431325Z 09:37:38 [DBG] [createdump] Failure took 1123ms
2025-11-28T09:37:38.3431800Z 09:37:38 [DBG]
2025-11-28T09:37:38.3432125Z 09:37:38 [DBG] ProcessId: 32164
2025-11-28T09:37:38.3432392Z 09:37:38 [DBG] Exit Code: 139
```
While other jobs already have SYS_PTRACE capabilities, others don't.
This PR adds these capabilities to jobs that can potentially generate
dumps. The .NET `createdump` utility requires the `ptrace()` system call
to attach to crashing processes and collect crash dumps. Docker
containers don't have this capability by default for security reasons
but in CI environments, it's ok.
## Reason for change
## Implementation details
## Test coverage
## Other details
<!-- Fixes #{issue} -->
<!-- 1 parent 0d0b6b3 commit a39e1a3
File tree
3 files changed
+325
-0
lines changed- .azure-pipelines/steps
3 files changed
+325
-0
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
60 | 60 | | |
61 | 61 | | |
62 | 62 | | |
| 63 | + | |
63 | 64 | | |
64 | 65 | | |
65 | 66 | | |
| |||
0 commit comments