docker run --rm -ti -v /sys/kernel/debug:/sys/kernel/debug:ro ubuntu
However, the following fails:
$ docker run --rm -ti -v /sys/kernel/debug/tracing:/sys/kernel/debug/tracing:ro ubuntu
docker: Error response from daemon: failed to create shim: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/sys/kernel/debug/tracing" to rootfs at "/sys/kernel/debug/tracing": mkdir /var/lib/docker/overlay2/7ed84b54340e9ead72667f1ee42ab65fd659ee6d9a0bdbc85226aae03eab0738/merged/sys/kernel/debug/tracing: no such file or directory: unknown.
ERRO[0000] error waiting for container: context canceled
Does it mean that mounting a subpath of debugfs is not possible? But isn’t /sys also a virtual filesystem? I could not find much info online as to why there is a difference.
Have you actually checked if /sys is not already bound into the container's /sys folder in ro-mode? As far as I know, there should be no need to bind mount the /sys folder yourself.
If you still miss something, you can try running the container with --privileged
N.B.: it is not advised to run a container in privileged mode at all, instead it’s better to pinpoint the required capabilities and just add those. A privileged container has such weak isolation that it’s possible to escape the container and get access to the host.
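An added example, not part of the original posts: one way to see what --privileged grants beyond a container's normal capability set is to decode the CapEff mask from /proc/<pid>/status. The two status excerpts are constructed sample values, and the HIGH_RISK list is an illustrative assumption, not an official classification.

```python
"""Decode Linux capability masks to compare a normal and a privileged container."""
import re

# Capability names by bit number, as defined in linux/capability.h (bits 0..40).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Assumption: capabilities treated here as host-level; illustrative, not exhaustive.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_PTRACE",
             "DAC_READ_SEARCH", "BPF"}

# Constructed samples in the format of /proc/<pid>/status.
DEFAULT_STATUS = "Name:\tbash\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_STATUS = "Name:\tbash\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"


def cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no CapEff line found")
    return int(match.group(1), 16)


def decode(mask):
    """Names of the capabilities set in mask; unknown bits are shown as bitN."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"bit{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]


def added_by(candidate, baseline):
    """Capabilities present in candidate but absent from baseline."""
    return decode(candidate & ~baseline)


def high_risk(mask):
    """Sorted subset of HIGH_RISK that is set in mask."""
    return sorted(HIGH_RISK & set(decode(mask)))


if __name__ == "__main__":
    base, priv = cap_eff(DEFAULT_STATUS), cap_eff(PRIVILEGED_STATUS)
    print("baseline:", " ".join(decode(base)))
    print("added by --privileged:", " ".join(added_by(priv, base)))
    print("high-risk in privileged:", " ".join(high_risk(priv)))
```

To check a real container, run `grep Cap /proc/self/status` inside it and pass the output to `cap_eff`; a capability the workload turns out to need can then be granted on its own with `--cap-add`.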