@@ -112,6 +112,41 @@ func checkCleanBacktrace(t *testing.T, backtrace string) {
112112 // TODO(mundaym): check for unknown frames (e.g. "??").
113113}
114114
115+ // checkPtraceScope checks the value of the kernel parameter ptrace_scope,
116+ // skips the test when gdb cannot attach to the target process via ptrace.
117+ // See issue 69932
118+ //
119+ // 0 - Default attach security permissions.
120+ // 1 - Restricted attach. Only child processes plus normal permissions.
121+ // 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
122+ // 3 - No attach. No process may call ptrace at all. Irrevocable.
123+ func checkPtraceScope (t * testing.T ) {
124+ path := "/proc/sys/kernel/yama/ptrace_scope"
125+
126+ // If the kernel does not have the YAMA module enabled,
127+ // there will be no ptrace_scope file, which does not affect the tests.
128+ if _ , err := os .Stat (path ); os .IsNotExist (err ) {
129+ return
130+ }
131+
132+ data , err := os .ReadFile (path )
133+ if err != nil {
134+ t .Fatalf ("failed to read file: %v" , err )
135+ }
136+ value , err := strconv .Atoi (strings .TrimSpace (string (data )))
137+ if err != nil {
138+ t .Fatalf ("failed converting value to int: %v" , err )
139+ }
140+ switch value {
141+ case 3 :
142+ t .Skip ("ptrace: Operation not permitted" )
143+ case 2 :
144+ if os .Geteuid () != 0 {
145+ t .Skip ("ptrace: Operation not permitted with non-root user" )
146+ }
147+ }
148+ }
149+
115150// NOTE: the maps below are allocated larger than abi.MapBucketCount
116151// to ensure that they are not "optimized out".
117152
@@ -197,6 +232,7 @@ func testGdbPython(t *testing.T, cgo bool) {
197232 t .Parallel ()
198233 checkGdbVersion (t )
199234 checkGdbPython (t )
235+ checkPtraceScope (t )
200236
201237 dir := t .TempDir ()
202238
@@ -420,6 +456,7 @@ func TestGdbBacktrace(t *testing.T) {
420456 checkGdbEnvironment (t )
421457 t .Parallel ()
422458 checkGdbVersion (t )
459+ checkPtraceScope (t )
423460
424461 dir := t .TempDir ()
425462
@@ -538,6 +575,7 @@ func TestGdbAutotmpTypes(t *testing.T) {
538575 checkGdbEnvironment (t )
539576 t .Parallel ()
540577 checkGdbVersion (t )
578+ checkPtraceScope (t )
541579
542580 if runtime .GOOS == "aix" && testing .Short () {
543581 t .Skip ("TestGdbAutotmpTypes is too slow on aix/ppc64" )
@@ -612,6 +650,7 @@ func TestGdbConst(t *testing.T) {
612650 checkGdbEnvironment (t )
613651 t .Parallel ()
614652 checkGdbVersion (t )
653+ checkPtraceScope (t )
615654
616655 dir := t .TempDir ()
617656
@@ -676,6 +715,7 @@ func TestGdbPanic(t *testing.T) {
676715 checkGdbEnvironment (t )
677716 t .Parallel ()
678717 checkGdbVersion (t )
718+ checkPtraceScope (t )
679719
680720 if runtime .GOOS == "windows" {
681721 t .Skip ("no signals on windows" )
@@ -755,6 +795,7 @@ func TestGdbInfCallstack(t *testing.T) {
755795
756796 t .Parallel ()
757797 checkGdbVersion (t )
798+ checkPtraceScope (t )
758799
759800 dir := t .TempDir ()
760801
0 commit comments