Enable SYS_PTRACE capability for pipelines build environments

      Currently pipelines containerisation does not allow ptrace() syscalls to be made, due to the seccomp restrictions.

      There are workarounds, which involve using docker in docker to wrap whatever code/script needs to make ptrace calls.

      To work around the problem, you can set up a step, using docker, and run the command(s) requiring ptrace. The docker in docker service allows SYS_PTRACE, and therefore ptrace(); however, pipelines does not yet allow this outside of docker.

      e.g.

      - step:
          services:
            - docker
          script:
            - docker run -v $(pwd):$(pwd) -w $(pwd) <yourimage> ./commands.sh
      

      Is it possible to allow ptrace()? This will greatly assist anyone using certain debugging tools within pipelines. As an example, the below fails under pipelines:

      pipelines:
        default:
          - step:
              image: ubuntu:18.04
              script:
                - apt-get update && apt-get install -y gcc
                - gcc -fsanitize=address my-app.c
                - LSAN_OPTIONS=verbosity=1:log_threads=1 ./a.out
      

      Running the same set of commands inside of a docker run works:

      pipelines:
        default:
          - step:
              image: ubuntu:18.04
              services:
                - docker
              script:
                # script.sh contains the script block from the previous example.
                - docker run -v $(pwd):$(pwd) -w $(pwd) ubuntu:18.04 ./script.sh
      

      Assignee: Unassigned
      Reporter: Graham Gatus
      Votes: 2
      Watchers: 5
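
A way to check whether a given build environment permits ptrace() before relying on LeakSanitizer or a debugger there. This is an added example, not part of the original ticket and not Atlassian code. The function names are hypothetical, and treating EPERM, EACCES or ENOSYS as "denied" is an assumption about how the container's seccomp profile reports the blocked syscall.

```c
/* Added example: probe whether ptrace() is usable in this build container. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_verdict { PROBE_ALLOWED, PROBE_DENIED, PROBE_UNKNOWN };

/* EPERM/EACCES: refused by a seccomp profile, a missing capability or an LSM.
 * ENOSYS: how some seccomp profiles report a filtered syscall (assumption). */
enum probe_verdict classify_ptrace_errno(int err)
{
    if (err == 0) return PROBE_ALLOWED;
    if (err == EPERM || err == EACCES || err == ENOSYS) return PROBE_DENIED;
    return PROBE_UNKNOWN;
}

/* Fork a child that only sleeps, try to attach to it, then clean up.
 * Returns 0 if the attach worked, the errno if not, -1 if fork() failed. */
int probe_ptrace_attach(void)
{
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { pause(); _exit(0); }

    int err = 0;
    if (ptrace(PTRACE_ATTACH, child, NULL, NULL) == -1) {
        err = errno;
    } else {
        waitpid(child, NULL, 0);                 /* consume the attach stop */
        ptrace(PTRACE_DETACH, child, NULL, NULL);
    }
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);                     /* reap, leave no zombie */
    return err;
}

int main(void)
{
    int err = probe_ptrace_attach();
    if (err < 0) { perror("fork"); return 2; }
    printf("ptrace attach: %s\n", err ? strerror(err) : "allowed");
    return classify_ptrace_errno(err) == PROBE_ALLOWED ? 0 : 1;
}
```

Built with gcc and run as an early script line, the non-zero exit status stops the step with a clear message instead of a later sanitizer failure.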