Tool does not seem to show events inside lxc

[giggls]

Neither way I can see events from inside lxc regardless if started inside the container or directly on the host machine.

[martinpitt]

Linux' fanotify() API is not really namespaced well. So you need privileged containers (like docker --privileged or podman --privileged) without the usual isolation. See https://ortiz.sh/linux/2020/01/11/FANOTIFY-DOCKER.html for some details.

I don't know how to apply that to LXC, but I'm afraid there isn't anything that fatrace can do about it.

Note that even with privileged containers it's not possible to watch all mount points. But --current-mount should work.