image: auditd
network: true
config:
  pid: host
  binds:
    - /var/log:/var/log
  capabilities:
    - CAP_AUDIT_CONTROL
    - CAP_AUDIT_READ
    - CAP_AUDIT_WRITE
    - CAP_SYS_NICE