Interesting techniques, though, like one of the commenters mentioned, I don’t see how this would work for applications (services) that change over time. And what about when the libraries (files) used also change? And, as another commenter mentioned, what if the application accessed a file that it hadn’t accessed during the “profiling”?
I can see some uses for ephemeral command-containers, i.e., containers that are used like shell commands (compilers and such).
The footnote seems important here:
Let’s face the truth: What I really wanted, was experimenting with this syscall. Docker images are more of a (good) pretext.