>If I comment out the getsockopt call, my application tracing starts to work.

Correction on the above, I meant I comment out the check for pid being non-zero in the get_cred call, not the whole getsockopt call.

diff --git a/liblttng-ust-ctl/ustctl.c b/liblttng-ust-ctl/ustctl.c
index 39860ebf..96aeef3c 100644
--- a/liblttng-ust-ctl/ustctl.c
+++ b/liblttng-ust-ctl/ustctl.c
@@ -1825,10 +1825,10 @@ int get_cred(int sock,
                "application registered claiming [ pid: %u, ppid: %u, uid: %u, gid: %u ]",
                ucred.pid, ucred.uid, ucred.gid,
                reg_msg->pid, reg_msg->ppid, reg_msg->uid, reg_msg->gid);
-       if (!ucred.pid) {
-               ERR("Unix socket credential pid=0. Refusing application in distinct, non-nested pid namespace.");
-               return -LTTNG_UST_ERR_PEERCRED_PID;
-       }
+       // if (!ucred.pid) {
+       //      ERR("Unix socket credential pid=0. Refusing application in distinct, non-nested pid namespace.");
+       //      return -LTTNG_UST_ERR_PEERCRED_PID;
+       // }
        *pid = ucred.pid;
        *uid = ucred.uid;
        *gid = ucred.gid;

On Mon, Apr 5, 2021 at 11:09 AM Eqbal <eqbalzee@gmail.com> wrote:
Hi,

I am trying to get user space tracing working for an application running in a docker container. I am running lttng session daemon in another container. I mounted the unix socket locations (either /var/run/lttng for root or $HOME/.lttng for another user). By doing that I can run commands like lttng create or lttng list <session-name>, but the tracepoint events from the application don't get registered and there is no trace output.

I enabled LTTNG_UST_DEBUG an ran lttng-sessiond in verbose mode (-vvv and --verbose-consumer) and got the following error message:

"Unix socket credential pid=0. Refusing application in distinct, non-nested pid namespace."

It appears that for some calls to the session daemon there is a getsockopt syscall made with SO_PEERCRED which returns 0 for pid and the call is failed with LTTNG_UST_ERR_PEERCRED_PID error (see get_cred call in ustctl.c).

If I comment out the getsockopt call, my application tracing starts to work.

From what I found, docker cannot support getsockopt/SO_PEERCRED call to get peer pid on the unix socket which would make sense as it's in a separate namespace.

I have a few questions on this:
1. What is the reason for the get_cred/getsockopt call with SO_PEERCRED? I would like to understand why it's required for some and not other calls.
2. Is there any workaround for this problem, so that I can get this to work with the container topology I am working with (app in one container and lttng daemons in another).
3. Related to 2, are there any gotchas to bypassing the getsockopt call in get_cred?

Appreciate your help regarding this.

Thanks,
Eqbal