This page describes using system call tracing to diagnose container sandbox
limitations, and assumes that you have some familiarity with system call tracing,
using tools such as strace or
dtruss. If you are not familiar with system call tracing, you should proceed
only after you contact Google Cloud support with the details of your problem
and have been invited to trace the system calls by the Google Cloud support team.
The container sandbox does not support all of the system calls that are
supported in Linux. You can use system call tracing tools such as strace
(Linux) or dtruss (macOS) to examine the syscalls made by your application, to
help determine the syscalls that are not supported by the sandbox.
Using strace (Linux)
If you're running your code on Linux, install and enable strace:
sudo apt-get install strace
Run your application with strace by prefacing your usual invocation with
strace -f where -f means to trace all child threads. For example, if you
normally invoke your application with ./main, you can run it with strace by
invoking /usr/bin/strace -f ./main.
Viewing the logs returned by strace
The system logs from strace look like this:
Using dtruss (macOS)
If you're running your code on macOS, use dtrusss by prefacing your usual
invocation with dtruss -a from the command line, for example:
sudo dtruss -a ./main
For documentation, use the command man dtruss, or visit one of the
dtrace/drusss websites.