Is it possible to get information about the underlying host node from a container with osquery?
What I'm thinking is mounting in (via networking? or via a volume mount?) osqueryd and then having the client (and queries) inside of a container.
Is this possible? I read the docs and couldn't quite wrap my head around it.
Osquery works by accessing various system APIs and filesystem paths, and then presenting that information in structured SQL form. To report on a host, it much have access to the host.
I'm not familiar enough with all to corners of containers to know what's possible. But I think this is somewhat difficult.
Since you want osquery to access to the underling host, why have it in a container?