Only skip audit restart handler in docker

[nejch]

Thanks again for this collection!

We use this as a dependency in our own lightweight wrapper hardening collection. We test some auditd rules, so we spin up proper vagrant or ec2 machines, and would like to run some verify tasks on them. But we need to run the auditd handler in order to see that rules are applied correctly.

This narrows down the when condition to only skip if the docker driver is present. Would this make sense? I can extend this if needed, maybe I missed a few other use cases.

/cc @dlouzan @bufferoverflow

[nejch]

Logs from runs in this PR, VM vs. docker:

• https://github.com/dev-sec/ansible-collection-hardening/actions/runs/4185625811/jobs/7252945705#step:3:2103 (debian11, VM, changed)
• https://github.com/dev-sec/ansible-collection-hardening/actions/runs/4185625808/jobs/7252945678#step:6:2170 (debian11, docker, skipped)

Compare with PR run from last week (debian11, VM, skipped):
https://github.com/dev-sec/ansible-collection-hardening/actions/runs/4111852365/jobs/7097787142#step:3:2103

[rndmh3ro]

I like it! We cann now see if a restart would fail, so it improves our tests!

Thanks for the PR!

BTW:

We use this as a dependency in our own lightweight wrapper hardening collection. We test some auditd rules, so we spin up proper vagrant or ec2 machines.

We have plans to add support for auditd-rules (while providing some default rules). There's a rather old PR here but it's not forgotten. Would you be interested in this?

[nejch]

We have plans to add support for auditd-rules (while providing some default rules). There's a rather old PR here but it's not forgotten. Would you be interested in this?

@rndmh3ro definitely, I saw that PR and was actually going to comment there to see if there's interest in it still. It would also significantly simplify our wrapper I think.

Just cc me there if there is any movement already otherwise I will get in touch as well :)