Re: Running DTrace in container

public inbox for dtrace@lists.linux.dev
 help / color / mirror / Atom feed

From: Kris Van Hees <kris.van.hees@oracle.com>
To: cornet.newest_7d@icloud.com
Cc: dtrace@lists.linux.dev
Subject: Re: Running DTrace in container
Date: Mon, 30 Mar 2026 14:30:09 -0400	[thread overview]
Message-ID: <acrBMandGlibnH8C@oracle.com> (raw)
In-Reply-To: <1A79B12A-61B9-4789-BA80-04F98DA80121@icloud.com>

On Mon, Mar 30, 2026 at 11:27:21AM +0200, cornet.newest_7d@icloud.com wrote:
> Hi, I'm trying to run DTrace inside a Docker container but I get an error from one of the bundled DTrace files:
> 
> $ docker run -it --rm --privileged dtrace
> root@b72fbbee0b66:/dtrace# dtrace -n 'syscall::openat:entry /pid == $target/ { trace(copyinstr(arg1)); } ' -c 'cat README'
> dtrace: invalid probe specifier syscall::*open*:entry /pid == $target/ { trace(copyinstr(arg1)); } : "/usr/lib64/dtrace/6.10/procfs.d", line 131: operator -> cannot be applied to pointer to type "void"; must be applied to a struct or union pointer

Thank you for reporting this.  I have not been able to reproduce this on any
of my systems (not using a docker container).  I do not see where the fact that
you run inside a container would cause this error though.

The offending line is:

	pr_ppid = T->real_parent->tgid;	

a part of the psinfo_t < struct task_struct *T > translator.

> I'm using Docker through OrbStack on macOS ARM64 (so this is running Linux AArch64). The Linux kernel that OrbStack is using is 6.17.8:
> 
> $ docker run dtrace uname -r                                                                                                                        
> 6.17.8-orbstack-00308-g8f9c941121b1
> 
> When building DTrace I've based my Docker image on Ubuntu 25.10, which uses the 6.17.0 kernel by default. See the exact Dockerfile I've used to build DTrace at the end of this message. I've also tried to build and run DTrace without Docker in a virtual machine using QEMU running Ubuntu 25.10. Then DTrace is working fine in the virtual machine.
> 
> Have I made some mistake when building DTrace or is it not expected to be able to run DTrace inside a container? Or is DTrace not compatible with this particular version of the Linux kernel?

The first thing that comes to mind is that you are configuring dtrace with the
--kernels=... options etc.  That should not be needed for regular building of
DTrace on supported kernels.  Those options only come into play when translator
files are to be generated.  The provided files should be sufficient for all
regular upstream kernels from 5.2 up to the current latest upstream kernel.

We support those options in order to generate new translators when a kernel
change occurs that causes the latest provided set of files to not work with a
new kernel.  That is thankfully pretty rare.

So, I would re-try with building dtrace  using the following configure step:

	./configure \
		--libdir= /lib/aarch64-linux-gnu \
		BPFC=bpf-gcc BPFLD=bpf-ld

You also should not have to download the kernel source tree or anything like
that.  DTrace should operate fine without it.

> Dockerfile:
> 
> FROM ubuntu:25.10
> 
> ARG KERNEL_VERSION=6.17.8
> ARG KERNEL_MAJOR=6
> 
> RUN apt update && apt install -y\
>   libc6-dev \
>   bison \
>   flex \
>   gcc-bpf \
>   binutils-bpf \
>   libpcap-dev \
>   wireshark \
>   valgrind \
>   libfuse3-dev \
>   \
>   libelf-dev \
>   make \
>   binutils-dev \
>   libpfm4-dev \
>   libbpf-dev \
>   gawk \
>   \
>   curl \
>   xz-utils && \
>   ln -s /usr/include/ctf-api.h /usr/include/sys/ctf_api.h
> 
> RUN \
>   kernel_version=$(uname -r | cut -f 1 -d - | cut -f 1 -d +) && \
>   kernel_major=$(echo $kernel_version | cut -f 1 -d .) && \
>   curl -L "https://cdn.kernel.org/pub/linux/kernel/v$kernel_major.x/linux-$kernel_version.tar.xz" -o "linux-$kernel_version.tar.xz" && \
>   tar xf "linux-$kernel_version.tar.xz" && \
>   cd "linux-$kernel_version" && \
>   make mrproper
> 
> RUN \
>   curl -L https://github.com/oracle/dtrace/archive/refs/heads/devel.tar.gz -o dtrace.tar.gz && \
>   mkdir dtrace && \
>   tar -x -f dtrace.tar.gz -C dtrace --strip-components=1
> 
> RUN \
>   kernel_version=$(uname -r | cut -f 1 -d - | cut -f 1 -d +) && \
>   kernel_major=$(echo $kernel_version | cut -f 1 -d .) && \
>   cd dtrace && \
>   ./configure \
>     --kernels="$kernel_version" \
>     --kernel-mod-dir="../linux-$kernel_version/" \
>     --kernel-src-dir=../linux-$kernel_version/ \
>     --kernel-src-suffix="" \
>     --kernel-obj-suffix="build" && \
>   make BPFC=bpf-gcc BPFLD=bpf-ld && \
>   make install && \
>   mv /usr/lib64/libdtrace.so* /lib/aarch64-linux-gnu/
> 
> --
> /Jacob Carlborg

next prev parent reply	other threads:[~2026-03-30 18:30 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-30  9:27 Running DTrace in container cornet.newest_7d
2026-03-30 18:30 ` Kris Van Hees [this message]
  -- strict thread matches above, loose matches on Subject: below --
2026-04-11 11:34 Jacob Carlborg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=acrBMandGlibnH8C@oracle.com \
    --to=kris.van.hees@oracle.com \
    --cc=cornet.newest_7d@icloud.com \
    --cc=dtrace@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox