Has anyone successfully enabled the eventing framework through a DaemonSet? I want to host the osquery agent as a DaemonSet but would like to enable process eventing. Auditd won't launch within the container. How do I open up a netlink socket from the container to the host? Any other approach that would work?
05/23/2020, 3:43 AM
It would need to run as privileged
05/25/2020, 10:30 AM
@Mithya, if it is a Docker container, use --pid=host. The reason is that, in order to open a netlink socket, the process has to run in the host PID namespace; in other words, the PID namespace of the process has to be the same as the PID namespace of the init process.