fork/exec ./debug: operation not permitted

My goal is to be able to remote debug from Atom.io. into a docker container running go in dlv debugger. This is the first problem:

Update:1. I am running Docker container on a mac, but that should not influence the code signing thing as I am running in a container, right?

Update:2. Codesignig the host, did not help.

Error:

1. root@...:/go/src/app# go get github.com/derekparker/delve/cmd/dlv

2. root@...:/go/src/app# dlv debug hello.go

could not launch process: fork/exec ./debug: operation not permitted

Then tried to

1. root@...:/go/src/app# sudo

2. bash: sudo: command not found

According Delve Issue #515

> Docker has security settings preventing ptrace(2) operations by
> default with in the container. Pass --security-opt seccomp:unconfined
> to docker run when starting.

*confirmation of this in official docker bug tracker https://github.com/docker/docker/issues/21051

It seems to work if you start the container with --privileged. I've tried to figure out if there is a more fine-grained capability but failed.

Also I just found https://github.com/steeve/homebrew-delve which should make things easier on OSX.

Docker has security settings preventing ptrace(2)

See how i fixed it.

if using a docker-compose file to run the container then append seccomp:unconfined in the services section like below

api: 
  security_opt:
    - seccomp:unconfined

if using docker run ...passing seccomp:unconfined works as well

Run Docker container as a command:

docker run -itd -p 2028:22 -p 2345:2345 --dns=10.236.8.8 --privileged=true --name=golang  centos7-golang  /usr/bin/supervisord

it works for me~