Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running inside a docker container with same namespace #199

Closed
tachang opened this issue Nov 22, 2019 · 6 comments
Closed

Running inside a docker container with same namespace #199

tachang opened this issue Nov 22, 2019 · 6 comments

Comments

@tachang
Copy link

tachang commented Nov 22, 2019

Doing:

docker run -it --pid=container:7a688ad0e0b5 --net=container:7a688ad0e0b5 --cap-add sys_admin --cap-add sys_ptrace tachang/py-spy bash
py-spy record -o profile.svg -p 24
Error: No such file or directory (os error 2)

However this works:

py-spy dump -p 24
Process 24: uwsgi --hook-master-start unix_signal:1 gracefully_kill_them_all --ini /example/settings/uwsgi/uwsgi.ini --touch-reload /tmp/reload_uwsgi 
Python v3.7.2 (/usr/local/bin/uwsgi)

Thread 0x7FC5D341CB88 (active): "uWSGIWorker4Core0"
@tachang
Copy link
Author

tachang commented Nov 22, 2019

[2019-11-22T18:27:19.802408756Z INFO  remoteprocess::linux] Process 17 appears to be running in a different namespace - setting namespace to match
[2019-11-22T18:27:19.802481087Z WARN  py_spy::python_spy] Failed to set namespace: EINVAL: Invalid argument

@benfred
Copy link
Owner

benfred commented Nov 24, 2019

Thanks for the bug report! I think I've managed to figure out what is going on here and will have a bug fix out soon.

The setns call is failing with EINVAL because py-spy has multiple threads now with the subprocess profiling code - and setns doesn't seem to work in a multithreaded program: ("EINVAL: The caller is multithreaded and tried to join a new user namespace").

It looks like rbspy reads files from /proc/{pid}/root instead of calling setns: https://github.com/rbspy/rbspy/blob/8945812a8/src/core/address_finder.rs#L316-L319 - I'm going to try that approach instead.

@tachang
Copy link
Author

tachang commented Nov 24, 2019

@benfred Thanks! I'm actually working on this right now and I'll put some notes here.
I don't know any Rust at all so it's slow going but I found this post which was really useful:
https://jvns.ca/blog/2018/01/26/spy-container/

My guess right now is that the Error: No such file or directory (os error 2) is referring to this previous line:
[2019-11-24T05:59:14.128555074Z INFO py_spy::python_spy] Found libpython binary @ /usr/local/lib/libpython3.7m.so.1.0

Because I am in this side loaded container it doesn't have that file. The file is definitely available at /proc/17/root/usr/local/lib/libpython3.7m.so.1.0 which is my uwsgi container's filesystem.

So right now I'm trying to figure out how to use this dockerized flag in Rust to maybe instead of setns just prepend /proc/<pid>/ to the calls.

@tachang
Copy link
Author

tachang commented Nov 24, 2019

Also for context the reason I need to load another container is I want to inspect this uwsgi that is currently running in a Docker Swarm environment. I would gladly just go ahead and install py-spy inside that running container but Docker swarm doesn't allow you to set capabilities. Because I am using a third party service to deploy this swarm cluster I don't have access to. So py-spy would really come in handy if I can run from another container. Thanks for all the work you put into this!

@benfred
Copy link
Owner

benfred commented Nov 24, 2019

@tachang In the short term you can get around this with pip install py-spy==0.2.2 - and this should work. I have a fix almost ready to go now, just testing this out

benfred added a commit that referenced this issue Nov 24, 2019
setns can't handle multithreaded programs, and using it to profile programs
running in docker wasn't working with the recent subprocesses changee. Instead
read files from /proc/PID/root as suggested here
https://jvns.ca/blog/2018/01/26/spy-container/

#199
@benfred
Copy link
Owner

benfred commented Dec 9, 2019

Fix is in 0.3.1

@benfred benfred closed this as completed Dec 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants