Systemtap running in a container. https://github.com/xfiretrace/systemtap
- Extended support for container environments allows you to trace a container's pid on the host machine.
- Adapted stapxx and openresty-systemtap-toolkit.
For different versions of ubuntu, get the corresponding kernel version at https://wiki.ubuntu.com/Debug%20Symbol%20Packages.
echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse
deb http://ddebs.ubuntu.com $(lsb_release -cs)-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com $(lsb_release -cs)-proposed main restricted universe multiverse" | \
sudo tee -a /etc/apt/sources.list.d/ddebs.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
Then run the following to update your package list or click the Reload button if you used the Synaptic Package Manager.
sudo apt-get update
apt-get install linux-image-$(uname -r)-dbgsym
You can use docker command to run systemtap container:
docker run --privileged --rm -v /sys/kernel/debug:/sys/kernel/debug -v /usr/src/:/usr/src/ -v /lib/modules/:/lib/modules/ -v /usr/lib/debug:/usr/lib/debug -v /proc:/proc -t -i --name systemtap xfiretrace/systemtap
Once you are in the shell, you can try some simple systemtap scripts:
- "hello world" with systemtap:
$ stap -e 'probe begin { println("hello world"); }'
hello world
- script to print read performed with
vfs.read
:
stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'
read performed
- you can trace the process which {PID} such as:
stap -e 'probe process("/proc/{PID}/root/usr/local/openresty/nginx/sbin/nginx").function("ngx_http_log_request") {println("hello world")}'