How can I enable osquery eventing inside a container?

5/23/2020

I am launching an osquery agent inside a DaemonSet and would like to enable the eventing framework. The goal is to make the osquery eventing framework work in a k8s environment. The osquery eventing framework taps into auditd to capture event traces. Auditd doesn't work inside a container. What are my options? Looking at auditd, it seems that opening a Netlink socket connection can consume auditd messages in user space. Is there a way for me to open a Netlink connection from the container to the host kernel?

-- mithya
kubernetes
lxc
netlink
osquery

0 Answers
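The following probe is an added example, not code from the question or from the osquery project. It speaks the same NETLINK_AUDIT protocol that osquery's audit publisher (and auditd) uses, sends the kernel an AUDIT_GET request and interprets the reply. The kernel's `audit_netlink_ok()` (kernel/audit.c) only accepts audit control messages such as AUDIT_GET from a process in the initial user namespace, in the initial PID namespace, and holding CAP_AUDIT_CONTROL; otherwise it answers with an NLMSG_ERROR carrying ECONNREFUSED or EPERM. Running this inside the pod therefore tells you which of those a DaemonSet is still missing (in Kubernetes terms: `hostPID: true` and `securityContext.capabilities.add` with `AUDIT_CONTROL`, plus `AUDIT_READ`/`AUDIT_WRITE` for actually consuming and emitting records). The two sample datagrams at the bottom are constructed, not captured from a kernel, so the parsing and verdict logic can be exercised without privileges.

```python
"""Probe whether this process can reach the kernel audit subsystem over
NETLINK_AUDIT, the channel osquery's audit publisher and auditd use.
Constants are taken from <linux/netlink.h> and <linux/audit.h>."""
import errno
import os
import socket
import struct

NETLINK_AUDIT = 9           # protocol for socket(AF_NETLINK, SOCK_RAW, ...)
AUDIT_GET = 1000            # "get audit status" request and reply type
NLMSG_ERROR = 2             # kernel ack / error message type
NLM_F_REQUEST = 0x01
NLM_F_ACK = 0x04
NLMSG_HDRLEN = 16           # struct nlmsghdr: len u32, type u16, flags u16, seq u32, pid u32
NLHDR = "=IHHII"

# Leading fields of struct audit_status (newer kernels append more after these).
AUDIT_STATUS_FIELDS = ("mask", "enabled", "failure", "pid", "rate_limit",
                       "backlog_limit", "lost", "backlog")


def make_nlmsg(mtype, flags, seq, payload=b""):
    """Wrap a payload in a netlink header; nlmsg_len covers header + payload."""
    return struct.pack(NLHDR, NLMSG_HDRLEN + len(payload), mtype, flags, seq, 0) + payload


def build_audit_get(seq):
    """AUDIT_GET carries no payload: ask for the audit status plus an ack."""
    return make_nlmsg(AUDIT_GET, NLM_F_REQUEST | NLM_F_ACK, seq)


def parse_netlink(buf):
    """Split one datagram into (type, seq, payload) tuples, honouring NLMSG_ALIGN(4)."""
    msgs, off = [], 0
    while off + NLMSG_HDRLEN <= len(buf):
        length, mtype, _flags, seq, _pid = struct.unpack_from(NLHDR, buf, off)
        if length < NLMSG_HDRLEN or off + length > len(buf):
            raise ValueError("truncated netlink message")
        msgs.append((mtype, seq, buf[off + NLMSG_HDRLEN:off + length]))
        off += (length + 3) & ~3
    return msgs


def parse_audit_status(payload):
    """Decode the stable leading part of struct audit_status."""
    return dict(zip(AUDIT_STATUS_FIELDS, struct.unpack_from("=8I", payload, 0)))


def explain_errno(err):
    """Map the errno from the kernel's NLMSG_ERROR reply to the check that failed
    (see audit_netlink_ok() in kernel/audit.c)."""
    if err == errno.ECONNREFUSED:
        return "ECONNREFUSED: not in the initial user namespace"
    if err == errno.EPERM:
        return "EPERM: not in the initial PID namespace (hostPID) or missing CAP_AUDIT_CONTROL"
    return "%s: %s" % (errno.errorcode.get(err, err), os.strerror(err))


def interpret_datagrams(datagrams):
    """Fold the kernel's replies (AUDIT_GET status and NLMSG_ERROR ack, in either
    order) into a single verdict."""
    result = {"reachable": False, "status": None, "error": None}
    for data in datagrams:
        for mtype, _seq, payload in parse_netlink(data):
            if mtype == NLMSG_ERROR:
                # struct nlmsgerr starts with a negative errno; 0 is a plain ack
                code = -struct.unpack_from("=i", payload, 0)[0]
                if code:
                    result["error"] = explain_errno(code)
            elif mtype == AUDIT_GET:
                result["status"] = parse_audit_status(payload)
    result["reachable"] = result["status"] is not None and result["error"] is None
    return result


def probe(timeout=2.0):
    """Send AUDIT_GET over a real NETLINK_AUDIT socket and interpret the replies."""
    replies = []
    try:
        with socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_AUDIT) as s:
            s.settimeout(timeout)
            s.bind((0, 0))             # (pid, groups); 0 lets the kernel assign a port id
            s.send(build_audit_get(1))
            for _ in range(2):         # status reply and ack, in either order
                try:
                    replies.append(s.recv(8192))
                except socket.timeout:
                    break
    except OSError as e:               # e.g. seccomp denying AF_NETLINK
        return {"reachable": False, "status": None, "error": "socket: " + os.strerror(e.errno)}
    return interpret_datagrams(replies)


# Constructed sample replies (not captured from a real kernel), for offline checks.
SAMPLE_DENIED = make_nlmsg(NLMSG_ERROR, 0, 1,
                           struct.pack("=i", -errno.EPERM) + build_audit_get(1))
SAMPLE_OK = (make_nlmsg(AUDIT_GET, 0, 1, struct.pack("=8I", 0, 1, 1, 4242, 0, 8192, 0, 3))
             + make_nlmsg(NLMSG_ERROR, 0, 1, struct.pack("=i", 0) + build_audit_get(1)))

if __name__ == "__main__":
    print(probe())
```

Run it from a shell inside the pod; a `reachable: True` verdict with a non-zero `pid` in the status means another audit consumer (host auditd, or a second osquery instance) already owns the audit socket, which is the other common reason the osquery audit publisher stays silent.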