An audit container ID proposal
The kernel development community has consistently resisted adding any formal notion of what a "container" is to the kernel. While the needed building blocks (namespaces, control groups, etc.) are provided, it is up to user space to assemble the pieces into the sort of container implementation it needs. This approach maximizes flexibility and makes it possible to implement a number of different container abstractions, but it also can make it hard to associate events in the kernel with the container that caused them. Audit container IDs are an attempt to fix that problem for one specific use case; they have not been universally well received in the past, but work on this mechanism continues regardless.