I have an AWS Linux host machine running a centos 7 docker container with 5.5.25 and php-fpm running inside it. Php is exposed outside of the docker container over port 9000 and is serving requests to an nginx server. This setup has been working fine but when I recently turned on the php-fpm slowlog to try and debug some slow code and I could not get php to log slow scripts. I have set the following in /etc/php-fpm.d/www.conf:
request_slowlog_timeout = 5s
slowlog = /var/www/log/php-fpm-slow.log
and /var/www/log/php-fpm-slow.log is owned by the www user with 777 permissions. The following is being logged to the php error log each time a slow script runs.
[07-Jul-2015 07:33:34] ERROR: failed to ptrace(ATTACH) child 18: Operation not permitted (1)
[07-Jul-2015 07:33:34] WARNING: [pool www] child 18, script '/var/www/src/index.php' (request: "GET /index.php") executing too slow (5.700050 sec), logging
I am taking from this that the request_slowlog_timeout of 5s is actually being triggered but for some reason the log is not able to be generated.
I have seen similar but not identical issues that suggest modifying /etc/sysctl.d/10-ptrace.conf or /proc/sys/kernel/yama/ptrace_scope. Unfortunately neither of these files exist in my host AWS Linux or container Centos 7 Operating systems.
Does anyone have any ideas of what might be causing this issue, or what steps I could take to debug further?
Best Answer
I finally figured this out. You need to give the docker container the capability to use ptrace. Simply adding --cap-add SYS_PTRACE to the docker run command fixed this problem for me.