Running perf inside a docker container / Docker seccomp profiles

Hi! I’m currently attempting to profile an application running inside a docker container on a Jetson TX2, using nvidia-docker. I would prefer to do this using the perf tool, as the stats it provides are exactly what I need. Docker’s default security policy does not allow one to run perf stat and similar commands inside a container. To be specific, the system call perf relies on under the hood, called perf_event_open is disabled by default. This should be easy to override using the --security-opt flag to docker run paired with a JSON file containing a modified list of permitted system calls. However, when attempting to run a Container with the specified settings, I get the following error message:

Error response from daemon: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile

Does anyone know of a way to specify a seccomp profile despite this? Is is possible/advisable to use a different docker runtime when profiling?

Thanks a lot in advance!


When you launch the container, do you run it with root authority like sudo?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.