auditd service doesn't start inside any container:
[root@ct ~]# /etc/init.d/auditd start Starting auditd: [FAILED]
The following messages appear inside
/var/log/messages in the container:
May 16 02:14:11 ct auditd: Started dispatcher: /sbin/audispd pid: 830 May 16 02:14:11 ct audispd: No plugins found, exiting May 16 02:14:11 ct auditd: Unable to set audit pid, exiting May 16 02:14:12 ct auditd: The audit daemon is exiting. May 16 02:14:12 ct auditd: Cannot daemonize (Success) May 16 02:14:12 ct auditd: The audit daemon is exiting.
Kernel Audit is prohibited inside containers by design.
It's not possible to use audit daemon inside containers.