Use perf inside a docker container without --privileged

After some research, the problem is not with the perf_event_paranoid, but with the fact that perf_event_open (syscall) has been blacklisted in docker: https://docs.docker.com/engine/security/seccomp/ "Docker v17.06: Seccomp security profiles for Docker"

Significant syscalls blocked by the default profile

perf_event_open Tracing/profiling syscall, which could leak a lot of information on the host.

My first work-around for this is to have a script that downloads the official seccomp file https://github.com/moby/moby/blob/master/profiles/seccomp/default.json, and adds perf_event_open to the list of white-listed syscalls.

I then start docker with --security-opt seccomp=my-seccomp.json

Run docker with --cap-add SYS_ADMIN