
Running SystemTap inside an unprivileged docker container


Is it possible to run SystemTap inside a docker container that is not privileged? I have mounted /lib/modules and /sys/kern/debug inside the container, and granted the container all capabilities, but that didn't help. While SystemTap does install the module with no issues, it fails to connect to the module in pass 5 with the error: cannot open the module control channel.


Solution

  • The solution is to mount debugfs with read-write permissions outside /sys. Without privileged mode, /sys is mounted read-only, and SystemTap cannot write to the control channel (a debugfs file) of the tracer module.
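A preflight check that can be run inside the container before the pass 5 failure shows up, added here as an example (not code from the original question or answer): it parses /proc/mounts-style text to confirm that /sys is read-only and to locate a debugfs mount that is read-write and outside the /sys tree, which is what staprun needs for the module control channel. The bind-mount path /debugfs and the docker run line in the comments are assumptions.

```shell
#!/bin/sh
# Preflight check for SystemTap pass 5 inside a container (added example,
# not the original poster's or answer's code). Parses /proc/mounts-style
# text to confirm /sys is read-only and to find a debugfs mount that is
# read-write and outside the /sys tree, which is what staprun needs for
# the module control channel. Assumed layout: the host's debugfs was
# bind-mounted read-write at /debugfs, e.g.
#   docker run -v /lib/modules:/lib/modules:ro -v /sys/kernel/debug:/debugfs:rw ...

# Reads mount lines on stdin; prints the first read-write debugfs mount point
# that is not under /sys (prints nothing if none exists).
find_rw_debugfs() {
    awk '$3 == "debugfs" && ("," $4 ",") ~ /,rw,/ && $2 !~ "^/sys(/|$)" { print $2; exit }'
}

# Reads mount lines on stdin; exits 0 if /sys itself is mounted read-only.
sys_is_readonly() {
    awk '$2 == "/sys" && $3 == "sysfs" && ("," $4 ",") ~ /,ro,/ { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Constructed sample of /proc/mounts in an unprivileged container: /sys and
# its debugfs are read-only, a second debugfs bind mount at /debugfs is rw.
SAMPLE_MOUNTS='sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs ro,relatime 0 0
debugfs /debugfs debugfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0'

# Constructed sample with only the read-only debugfs under /sys (the failing setup).
SAMPLE_MOUNTS_BAD='sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs ro,relatime 0 0'

check_sample() { printf '%s\n' "$SAMPLE_MOUNTS" | find_rw_debugfs; }
check_sample_bad() { printf '%s\n' "$SAMPLE_MOUNTS_BAD" | find_rw_debugfs; }

# Live check against this container; prints advice and never aborts the script.
preflight() {
    mp=$(find_rw_debugfs < /proc/mounts)
    if [ -n "$mp" ]; then
        echo "OK: read-write debugfs at $mp; staprun can open the control channel"
    elif sys_is_readonly < /proc/mounts; then
        echo "FAIL: /sys is read-only and no rw debugfs elsewhere; bind-mount debugfs rw outside /sys"
    else
        echo "No rw debugfs outside /sys found; check that debugfs is mounted at all"
    fi
}

if [ -r /proc/mounts ]; then preflight; fi
```

Run it inside the container that will execute stap; the FAIL branch corresponds to the "cannot open the module control channel" error from the question.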