The combination that I've needed in Docker - for REPL or LLDB - are:
-
--cap-add=SYS_PTRACE
(allows the launched process to trace system calls from) -
--security-opt seccomp=unconfined
(runs the container without the default security profile) -
--security-opt apparmor=unconfined
(runs the container without the AppArmor security profile)