What's unusual here is that the open
of /proc/pid/stack
succeeds, but an attempt to read
from it returns EPERM
.
The kernel source code for showing the contents of /proc/pid/stack
, fs/proc/base.c:proc_pid_stack()
, calls lock_trace()
, which will return a permission error if the caller doesn't have access to ptrace the target process.
On many Linux distributions, there are Linux Security Modules that may restrict the use of ptrace
. One of these is Yama, which you'll encounter if you use Ubuntu. Permission to use ptrace
is restricted to root or to an ancestor (typically the parent) process of the target. You can check this with
root@ubuntu:~# cat /proc/sys/kernel/yama/ptrace_scope
1
And can disable it by doing
root@ubuntu:~# echo 0 > /proc/sys/kernel/yama/ptrace_scope
Thereafter, you'll be able to cat /proc/pid/stack
.