strace: Usage, Options & Common CI Errors
strace shows every system call a process makes, with arguments and results.
strace is how you find which file, socket, or permission a process actually touched - invaluable for "file not found" mysteries where the path is wrong. Like all ptrace tools, it is commonly blocked inside containers.
What it does
strace intercepts and records the system calls made by a process and the signals it receives, printing each call’s arguments and return value. It is the go-to tool for diagnosing why a program cannot open a file, connect, or exec.
Common usage
strace ./app # trace all syscalls
strace -f ./app # follow forked children
strace -e trace=openat,stat ./app # only file syscalls
strace -p <pid> # attach to a running process
strace -o trace.log -f ./app # write to a fileOptions
| Flag | What it does |
|---|---|
| -f | Follow child processes (fork/clone) |
| -e trace=<set> | Filter to syscalls (e.g. openat, network) |
| -p <pid> | Attach to an existing process |
| -o <file> | Write the trace to a file |
| -c | Summarize counts/time per syscall |
| -T / -tt | Show time spent / timestamps |
Common errors in CI
"strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted" inside a container - the default seccomp/cap profile blocks ptrace; run with --cap-add=SYS_PTRACE and often --security-opt seccomp=unconfined. To debug an ENOENT, strace -e trace=openat shows the exact path attempted (usually a wrong working dir or missing -I path resolved at runtime). strace adds heavy overhead, so use -e to narrow syscalls and timeout for long runs.