Mithya
auditctl -l
shows me rules added by osquery but in the container, this doesn't work.)
The same set of flags doesn't work when I test it out inside a container.
These are the flags I am launching osqueryd with:
--audit_allow_config=true
--audit_allow_sockets
--audit_persist=true
--disable_audit=false
The error that I am getting is:
osquery_1 | I0429 19:00:06.721541 16 auditdnetlink.cpp:623] Failed to set the netlink owner
sundsta
Mithya
sundsta