Test for kernel audit container id functionality: - prohibit unsetting - prohibit self-setting - prohibit setting again - prohibit without CAP_AUDIT_CONTROL - verify AUDIT_CONTAINER record - verify auditctl containerid filter - verify kernel AUDIT_CONTAINERID filter functionality - verify AUDIT_CONTAINER_INFO record See: https://github.com/linux-audit/audit-kernel/issues/32 See: https://github.com/linux-audit/audit-kernel/issues/90 See: https://github.com/linux-audit/audit-kernel/issues/91 See: https://github.com/linux-audit/audit-kernel/issues/92 See: https://github.com/linux-audit/audit-userspace/issues/40 See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID