Running perf inside a docker container / Docker seccomp profiles

Hi! I’m currently attempting to profile an application running inside a docker container on a Jetson TX2, using nvidia-docker. I would prefer to do this using the perf tool, as the stats it provides are exactly what I need. Docker’s default security policy does not allow one to run perf stat and similar commands inside a container. To be specific, the system call perf relies on under the hood, called perf_event_open, is disabled by default. This should be easy to override using the --security-opt flag to docker run paired with a JSON file containing a modified list of permitted system calls. However, when attempting to run a container with the specified settings, I get the following error message:

Error response from daemon: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile

Does anyone know of a way to specify a seccomp profile despite this? Is it possible/advisable to use a different docker runtime when profiling?

Thanks a lot in advance!
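
The kind of modified profile described in the post above, as an added example that is not part of the original thread: it takes an allowlist-style profile in Docker's seccomp JSON format and adds an unconditional allow rule for perf_event_open. The sample profile is constructed and heavily trimmed, the file name perf-seccomp.json is hypothetical, and the result only helps on a daemon that accepts custom seccomp profiles.

```python
import copy
import json

# Constructed, heavily trimmed sample in Docker's seccomp profile format
# (an assumption for illustration, not the full default profile Docker ships).
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["read", "write", "openat"], "action": "SCMP_ACT_ALLOW"},
        # Allowed only when the container holds CAP_SYS_ADMIN.
        {"names": ["mount", "perf_event_open"], "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    ],
}


def is_unconditionally_allowed(profile, syscall):
    """True if an allow rule names `syscall` with no caps/arch/argument condition.

    Written for default-deny (allowlist) profiles; defaultAction is not consulted.
    """
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]
        conditional = rule.get("includes") or rule.get("excludes") or rule.get("args")
        if (syscall in names and rule.get("action") == "SCMP_ACT_ALLOW"
                and not conditional):
            return True
    return False


def allow_syscall(profile, syscall):
    """Return a copy of `profile` with one extra unconditional allow rule."""
    patched = copy.deepcopy(profile)
    if not is_unconditionally_allowed(patched, syscall):
        patched["syscalls"].append(
            {"names": [syscall], "action": "SCMP_ACT_ALLOW", "args": []})
    return patched


if __name__ == "__main__":
    patched = allow_syscall(SAMPLE_PROFILE, "perf_event_open")
    with open("perf-seccomp.json", "w") as fh:  # hypothetical file name
        json.dump(patched, fh, indent=2)
    # Then: docker run --security-opt seccomp=perf-seccomp.json ...
```

Adding the single syscall keeps the rest of the allowlist in force, which is narrower than running the container with seccomp=unconfined.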


When you launch the container, do you run it with root authority like sudo?