Skip to content
Latchkey

strace: Usage, Options & Common CI Errors

strace shows every system call a process makes, with arguments and results.

strace is how you find which file, socket, or permission a process actually touched - invaluable for "file not found" mysteries where the path is wrong. Like all ptrace tools, it is commonly blocked inside containers.

What it does

strace intercepts and records the system calls made by a process and the signals it receives, printing each call’s arguments and return value. It is the go-to tool for diagnosing why a program cannot open a file, connect, or exec.

Common usage

Terminal
strace ./app                       # trace all syscalls
strace -f ./app                    # follow forked children
strace -e trace=openat,stat ./app  # only file syscalls
strace -p <pid>                    # attach to a running process
strace -o trace.log -f ./app       # write to a file

Options

FlagWhat it does
-fFollow child processes (fork/clone)
-e trace=<set>Filter to syscalls (e.g. openat, network)
-p <pid>Attach to an existing process
-o <file>Write the trace to a file
-cSummarize counts/time per syscall
-T / -ttShow time spent / timestamps

Common errors in CI

"strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted" inside a container - the default seccomp/cap profile blocks ptrace; run with --cap-add=SYS_PTRACE and often --security-opt seccomp=unconfined. To debug an ENOENT, strace -e trace=openat shows the exact path attempted (usually a wrong working dir or missing -I path resolved at runtime). strace adds heavy overhead, so use -e to narrow syscalls and timeout for long runs.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →