diff --git a/README.md b/README.md
index 4cd83c8..a23fddc 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,13 @@ cargo build
 更新 syscall 列表后重新构建二进制会生成新的 sandbox。
+### Generate syscalls within container
+
+```bash
+docker build -t x2t-sandbox:tracer -f ./build/Dockerfile.ubuntu-build-with-tracer --target runtime-tracer .
+docker run -it --rm -v output-volume:/output -v some-other-programs:/programs x2t-sandbox -l /output/syscalls.txt /path/to/command /and/its/arguments
+```
+
 ### Run
diff --git a/build/Dockerfile.ubuntu-build-with-tracer b/build/Dockerfile.ubuntu-build-with-tracer
index 90493a1..eda5297 100644
--- a/build/Dockerfile.ubuntu-build-with-tracer
+++ b/build/Dockerfile.ubuntu-build-with-tracer
@@ -5,6 +5,9 @@ ARG ONLYOFFICE_IMAGE=onlyoffice/documentserver:7.5
 FROM ${REGISTRY}/${BASE_IMAGE} as base
+FROM base as runtime-slim-base
+RUN apt update && apt install libseccomp2 -y && rm -rf /var/apt
+
 FROM ${REGISTRY}/${ONLYOFFICE_IMAGE} as runtime-base
 RUN apt update && apt install libseccomp2 -y && rm -rf /var/apt
@@ -19,6 +22,11 @@ WORKDIR /src
 FROM builder-base as tracer-builder
 RUN /root/.cargo/bin/cargo build --release --features tracing-mode
+FROM runtime-slim-base as runtime-tracer
+COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
+ENTRYPOINT ["/usr/local/bin/x2t-sandbox"]
+
+
 FROM runtime-base as tracer-generate-syscalls
 COPY data /data
 COPY --from=tracer-builder /src/target/release/x2t-sandbox /usr/local/bin/x2t-sandbox
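Review bot: The cleanup in the new `runtime-slim-base` stage removes `/var/apt`, which is not where apt keeps its package lists, so the `rm -rf` most likely deletes nothing and the index stays in the layer. The unchanged `runtime-base` line just below has the same problem. I would write `RUN apt-get update && apt-get install -y --no-install-recommends libseccomp2 && rm -rf /var/lib/apt/lists/*` in both stages. `apt-get` is the stable interface for scripts, and `--no-install-recommends` keeps unrelated packages out of the runtime image.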
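Review bot: The new `runtime-tracer` stage sets no `USER`, so unless the base image (not visible here) already drops privileges, the entrypoint and the traced command mounted under `/programs` run as root inside the container. If tracing mode does not need root, create a dedicated account before the entrypoint, for example `RUN useradd --system --uid 10001 tracer` followed by `USER tracer`, and make sure the `/output` volume is writable by that UID. A one-line comment above the stage saying it exists only to record the syscall list would also tell readers it is not a production runtime.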