Tracing system calls

This page describes using system call tracing to diagnose container sandbox limitations, and assumes that you have some familiarity with system call tracing, using tools such as strace or dtruss. If you are not familiar with system call tracing, you should proceed only after you contact Google Cloud support with the details of your problem and have been invited to trace the system calls by the Google Cloud support team.

The container sandbox does not support all of the system calls that are supported in Linux. You can use system call tracing tools such as strace (Linux) or dtruss (macOS) to examine the syscalls made by your application, to help determine the syscalls that are not supported by the sandbox.

Using strace (Linux)

If you're running your code on Linux, install and enable strace:

sudo apt-get install strace

Run your application with strace by prefacing your usual invocation with strace -f where -f means to trace all child threads. For example, if you normally invoke your application with ./main, you can run it with strace by invoking /usr/bin/strace -f ./main.

Viewing the logs returned by strace

The system logs from strace look like this:

strace logs

Using dtruss (macOS)

If you're running your code on macOS, use dtrusss by prefacing your usual invocation with dtruss -a from the command line, for example:

sudo dtruss -a ./main

For documentation, use the command man dtruss, or visit one of the dtrace/drusss websites.