Information
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
2.https://github.com/docker/docker/pull/20662
3.https://containerd.tools/
4.https://github.com/opencontainers/runc
Solution
Add a rule for /usr/bin/docker-runc file.For example,Add the line as below in /etc/audit/audit.rules file--w /usr/bin/docker-runc -k dockerThen, restart the audit daemon. For example,service auditd restartImpact-Auditing generates quite big log files. Ensure to rotate and archive them periodically. Also,
create a separate partition of audit to avoid filling root file system.
Default Value-By default, Docker related files and directories are not audited. The file /usr/bin/docker-
runc may not be available on the system. In that case, this recommendation is not
applicable.