据我所知，ptrace默认在docker容器中被禁用，而strace使用的是ptrace。

示例：

docker run -it ubuntu:latest bash
root@f592f4019a65:/# strace sleep
execve("/usr/bin/sleep",["sleep"],0x7ffc66c181f0 /* 8 vars */) = 0
brk(NULL)                               = 0x55e44c6f3000
arch_prctl(0x3001 /* ARCH_??? */,0x7ffc81c678d0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload",R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD,"/etc/ld.so.cache",O_RDONLY|O_CLOEXEC) = 3
fstat(3,{st_mode=S_IFREG|0644,st_size=7218,...}) = 0
mmap(NULL,7218,PROT_READ,MAP_PRIVATE,3,0) = 0x7f95bf446000
close(3)                                = 0
openat(AT_FDCWD,"/lib/x86_64-linux-gnu/libc.so.6",O_RDONLY|O_CLOEXEC) = 3
read(3,"\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360q\2\0\0\0\0\0"...,832) = 832
pread64(3,"\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,784,64) = 784
pread64(3,"\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0",32,848) = 32
pread64(3,"\4\0\0\0\24\0\0\0\3\0\0\0GNU\0cBR\340\305\370\2609W\242\345)q\235A\1"...,68,880) = 68
fstat(3,{st_mode=S_IFREG|0755,st_size=2029224,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x7f95bf444000
...

因此，如所见，strace设法跟踪系统调用。但是为什么在这种情况下允许使用ptrace？