Failed to Analyze Processes in a Container

Symptom

When performing Java hotspot analysis on the Java process in a Docker container, no data is obtained in the collection result. The background Java process prints the error message "[ERROR] No access to perf events. Try --fdtransfer or --all-user option or 'sysctl kernel.perf_event_paranoid=1'". After the sysctl kernel.perf_event_paranoid=1 command is executed, no flame graph is displayed.

Possible Causes

When creating and running a Docker container, the required permission is not assigned to the container. As a result, the perf command fails to be executed in the container.

Troubleshooting Procedure

When starting the Docker container, add the --privileged=true permission (granting almost all permissions to the container) or the --cap-add SYS_ADMIN permission (allowing the container to perform system-level operations). You can run the following command to start and run the Docker container:

docker run -it --name=dockername --privileged=true [IMAGE] /sbin/init

or:

docker run -it --name=dockername --cap-add SYS_ADMIN [IMAGE] /sbin/init