Re: Audit, lxc containers and logged paths

Hello everybody, I need to watch folders inside unprivileged linux containers. From what I know it's not possible to run audit inside a lxc guest, so I set up audit inside the host to log access to dirs using absolute path (e.g. /var/lib/lxc/mycontainer/rootfs/etc/) and it works, but giving a look at the logs I found that both the paths of the executable and the path that has been accessed are relative to the container (i.e. /bin/ls and /etc/passwd), so I don't have a clue of which is the container that generated the record. I could compare the uid that generated it whith the uids set for the containers, but it seems an ugly solution. Can audit be configured for logging the absolute paths, or give me a hint of the container that generated the record? Best regards Michele