Disable AppArmor for Docker for ptrace_scope
AppArmor can be disabled either by running unconfined, or as a privileged container:
--security-opt apparmor=unconfined
(orapparmor:unconfined
for docker 1.10 and below)--privileged
However, a better option is to create a new profile that enables ptrace. You can use the docker AppArmor profile as a starting point (found in /etc/apparmor.d/docker
), and append the ptrace peer=@{profile_name}
.
You will also need to disable seccomp (unless using privileged
), through --security-opt seccomp=unconfined