[HN Gopher] Strace-macOS: A clone of the strace command for macOS
___________________________________________________________________
Strace-macOS: A clone of the strace command for macOS
Author : signa11
Score : 103 points
Date : 2025-11-19 01:18 UTC (21 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| sandbags wrote:
| Modulo I haven't tried it yet it's been an irritant that SIP
| broke tracing so this is a welcome development, thank you.
| comex wrote:
| Neat, though I'm guessing it's pretty slow.
|
| Tip for anyone reading: If you only need to trace file accesses
| or command executions, `eslogger lookup` and `eslogger exec`
| respectively will give you what you need (albeit in the form of a
| not-particularly-friendly JSON blob).
| cyberpunk wrote:
| Silly question but doesn't macos ship with dtrace? So why not use
| dtruss?
| saagarjha wrote:
| You need to disable SIP to use DTrace
| Citizen8396 wrote:
| Not entirely. You can selectively remove protections:
|
| csrutil enable --without dtrace
| saagarjha wrote:
| That's disabling SIP
| owyn wrote:
| dtruss requires disabling SIP. This seems like a better option
| for basic "what just happened?" debugging.
| agsnu wrote:
| Barely supported by Apple these days - in addition to needing
| to disable SIP which is a pain, it was broken causing system
| freezes for several major macOS releases.
| pjmlp wrote:
| Another silly question, did everyone forgot about instruments?
| youngtaff wrote:
| Isn't Instruments built on dtrace?
| viraptor wrote:
| Does instruments allow you to track file reads/writes and
| other syscalls/mach stuff? Their docs are quite bad at
| describing the capabilities, so I'm not really sure. From
| what I can see it's a profiler rather than a tracing tool.
| CGamesPlay wrote:
| Love it. I've never successfully used dtruss without hardlocking
| my system, so it's nice to see that this isn't a wrapper around
| that.
| saagarjha wrote:
| The bug for this was fixed in Tahoe
| viraptor wrote:
| For the whole dtrace system?
| saagarjha wrote:
| Yes
| StrangeDoctor wrote:
| Fantastic news, thanks for sharing. I stopped looking
| into it after some spectacularly bad hard lockups, some
| in prod...
| saagarjha wrote:
| Considering you need to turn off SIP to use it, I would
| not recommend using DTrace in prod...
| viraptor wrote:
| You need to escalate to root to run it anyway. If anyone
| can get root on my laptop, there's nothing that SIP can
| realistically protect me from. Actually, if anyone can
| get access to my user outside of sandbox, everything I
| care about is already exposed.
|
| (Also, you can disable it only for dtrace if you want)
| burnt-resistor wrote:
| Doesn't appear to work, and lacks pypi and brew packaging.
| $ pipx install git+https://github.com/Mic92/strace-macos
| installed package strace-macos 0.1.0, installed using Python
| 3.13.7 These apps are now globally available
| - strace done! $ strace df -h Error:
| Failed to load LLDB Python module. Make sure you're
| running with system Python (/usr/bin/python3) and have Xcode
| Command Line Tools installed. To install Xcode
| Command Line Tools: xcode-select --install $
| sudo strace df -h [same shit]
|
| After fixing[0] the awkward python system requirement, it doesn't
| work with built-in binaries without SIP disabled, it's really
| slow, it colorizes output even when piping, and the colors are
| terrible. Better than nothing but it's currently less effort to
| temporarily disable SIP for dtruss and reenable it later than
| install this in this early form. Maybe with time it will improve,
| but it seems like a vehicle to aggressively advertise consulting
| services.
|
| 0: env PIPX_DEFAULT_PYTHON='/usr/bin/python3'
| pipx install git+https://github.com/Mic92/strace-macos
| soraminazuki wrote:
| It's working. You deliberately ignored the requirements clearly
| stated multiple times in the README, which explains that it
| must use the same version of Python as LLDB because it relies
| on LLDB's Python bindings. The tool even explained again what
| you should do instead after you defied the installation
| instructions, yet you chose to run the same command again with
| sudo, turning this into a spectacle. This isn't a software
| issue. It's you messing around.
|
| > it seems like a vehicle to aggressively advertise consulting
| services.
|
| It's an open source tool that addresses a pain point many
| people have, made with someone's spare time with no strings
| attached. What is wrong with you?
|
| > it doesn't work with built-in binaries without SIP disabled
|
| You can't debug system binaries on macOS with SIP. That's the
| whole point of SIP. Debugging user binaries is still very much
| allowed. sudo lldb /bin/ls Password:
| (lldb) target create "/bin/ls" Current executable set
| to '/bin/ls' (arm64e). (lldb) r error: process
| exited with status -1 (attach failed (Not allowed to attach to
| process. Look in the console messages (Console.app), near the
| debugserver entries, when the attach failed. The subsystem
| that denied the attach permission will likely have logged an
| informative message about why it was denied.))
|
| > lacks pypi and brew packaging
|
| That's an entitled complaint against a project made just 2 days
| ago [1], which offers a single line command for installation.
|
| [1]: https://github.com/Mic92/strace-
| macos/commit/712aaf14d07f2ef...
| gkfasdfasdf wrote:
| TIL Nix flakes work on macos - is this a legit alternative to
| homebrew?
| arianvanp wrote:
| Yes. It's great. Especially paired with nix-darwin which allows
| you to declaratively manage all your macos settings too
| pasc1878 wrote:
| Sort of.
|
| For things that run on Linux and other Unices yes.
|
| For macOS UI programs and those that need specific
| permissions and for commercial programs stick with Homebrew
| but you can define what you want in homebrew in nix.
| BirAdam wrote:
| This triggered a small emotional reaction. I really miss the days
| when Apple made real effort toward servers with MacOS X Server
| and Xserve. Hopefully, since they're using their own
| hardware/software internally for servers, Apple may one day go
| back down that road.
___________________________________________________________________
(page generated 2025-11-19 23:02 UTC)