bpftrace, uprobe and containers

A couple of days ago at work I found myself needing to trace BPF's uprobes while investigating an issue with libzookeeper.

Normally, running a uprobe / uretprobe is as easy as passing the path to the library and the function name:

$ bpftrace -e 'uretprobe:/usr/lib/x86_64-linux-gnu/libzookeeper_mt.so.2.0.0:zoo_set2 { printf("%d\n", retval); }'

In my case, the ZooKeeper client was running in a container. How do I figure out the path to the library if the process is in Docker?

Turns out it's not too hard, but I tend to forget things, so I decided to write this post for myself in the future in case I need to do this again.
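
One common way to answer that question, shown as an added example that is not taken from the original post: read the library's path from the container process's /proc/<pid>/maps and prefix it with /proc/<pid>/root, which is that process's root filesystem as seen from the host. PID 4242, the sample maps content and the PROC_ROOT override are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: turn "library mapped by a containerized PID" into a path
# that bpftrace on the host can open. PROC_ROOT is a hypothetical override
# (default /proc) so the logic can be exercised offline.

# Print the in-container path of the first mapping whose file name starts with $2.
mapped_lib_path() {
    local pid="$1" lib="$2" proc="${PROC_ROOT:-/proc}"
    awk -v lib="$lib" '
        $6 ~ /^\// {
            # the pathname runs from the first "/" to end of line (may contain spaces)
            path = substr($0, index($0, "/"))
            if (path ~ / \(deleted\)$/) next   # file was replaced on disk
            n = split(path, parts, "/")
            if (index(parts[n], lib) == 1) { print path; found = 1; exit }
        }
        END { exit !found }
    ' "$proc/$pid/maps"
}

# Print the host-visible path: <proc>/<pid>/root followed by the in-container
# path. Fails with a message when the process has not mapped the library.
uprobe_target() {
    local pid="$1" lib="$2" proc="${PROC_ROOT:-/proc}" path
    path=$(mapped_lib_path "$pid" "$lib") || {
        echo "pid $pid has no mapping for $lib" >&2; return 1; }
    printf '%s/%s/root%s\n' "$proc" "$pid" "$path"
}

# Constructed sample (not captured from a real system): maps for PID 4242.
make_sample_proc() {
    local dir
    dir=$(mktemp -d)
    mkdir -p "$dir/4242"
    cat > "$dir/4242/maps" <<'EOF'
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131 /usr/local/bin/app
7f2a1c000000-7f2a1c021000 r-xp 00000000 08:01 1314 /usr/lib/x86_64-linux-gnu/libzookeeper_mt.so.2.0.0
7ffd5e1f0000-7ffd5e211000 rw-p 00000000 00:00 0 [stack]
EOF
    echo "$dir"
}

# On a real host, as root, with pid=$(docker inspect -f '{{.State.Pid}}' <container>):
#   target=$(uprobe_target "$pid" libzookeeper_mt)
#   bpftrace -e "uretprobe:$target:zoo_set2 { printf(\"%d\\n\", retval); }"
```

Checking maps first confirms the process has actually loaded the library and gives the exact file it mapped, rather than a guess based on the image contents.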

Written in October 2020.
Kir Shatrov
