
Debuggers typically bypass normal memory permissions.



"typically" being important. Here's an example of where they can't: https://gist.github.com/josephcsible/c8ce72a6084634fe56928c4...


I'm kind of confused as to what this is doing. I see that it just unmaps everything but the loop, but what does this have to do with strace?


There's only one page of executable memory left in the whole process. It doesn't contain any syscall instructions, and it's a shared mapping of a read-only file. That means the debugger can't point the instruction pointer at any existing syscall instructions, and it also can't create any new ones.


Right, but why would the debugger need to do this?


Because on Linux, those are the only ways to make another process execute a syscall. (Note that the technique I'm using wouldn't work on Windows, since there, you could use VirtualAllocEx to allocate new pages in other processes.)
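Added example, not part of the thread or the linked gist: a Python check that takes a process's `/proc/<pid>/maps` text plus the bytes of its executable mappings and lists which of the two routes named above (an existing syscall instruction, or a place to write a new one) remain open to a tracer. The sample maps, addresses, function names and the x86 opcode list are constructed assumptions.

```python
import re

# Constructed /proc/<pid>/maps text; addresses and paths are made up.
ORDINARY = """\
55d0c0a01000-55d0c0a02000 r-xp 00001000 08:01 131 /usr/bin/demo
7f1a2c028000-7f1a2c1c0000 r-xp 00028000 08:01 977 /usr/lib/libc.so.6
7ffd1b2e0000-7ffd1b301000 rw-p 00000000 00:00 0 [stack]
"""
LOCKED_DOWN = "7f33d5a4c000-7f33d5a4d000 r-xs 00000000 08:01 131 /usr/bin/demo\n"

MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) ")
# x86 encodings that enter the kernel (assumption: x86/x86-64 target).
SYSCALL_OPCODES = {b"\x0f\x05": "syscall", b"\xcd\x80": "int 0x80", b"\x0f\x34": "sysenter"}


def executable_mappings(maps_text):
    """Yield (start, end, perms) for every mapping with the x bit set."""
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and m.group(3)[2] == "x":
            yield int(m.group(1), 16), int(m.group(2), 16), m.group(3)


def find_syscall_opcodes(code, base):
    """Byte-wise scan: the instruction pointer can be set to any offset."""
    hits = []
    for opcode, name in SYSCALL_OPCODES.items():
        pos = code.find(opcode)
        while pos != -1:
            hits.append((base + pos, name))
            pos = code.find(opcode, pos + 1)
    return sorted(hits)


def syscall_injection_paths(maps_text, code_by_start):
    """List the ways a tracer could still get a syscall executed.

    code_by_start maps a mapping's start address to its bytes (hypothetical
    input; a real tool would read them from /proc/<pid>/mem).
    """
    paths = []
    for start, end, perms in executable_mappings(maps_text):
        for addr, name in find_syscall_opcodes(code_by_start.get(start, b""), start):
            paths.append(f"existing {name} at {addr:#x}")
        # Assumption: tracer writes succeed on private (copy-on-write) or
        # writable mappings, and fail on a read-only shared file mapping.
        if perms[3] == "p" or perms[1] == "w":
            paths.append(f"patchable code at {start:#x}-{end:#x} ({perms})")
    return paths
```

An empty result corresponds to the state described in the thread: one executable page, shared and read-only, with no syscall encoding anywhere in it.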



