container create: add inspect data to event

When the new `events_container_create_inspect_data` option is enabled in
containers.conf set the `ContainersInspectData` event field for each
container-create event.

The data was requested for the purpose of auditing (e.g., intrusion
detection).

Jira: https://issues.redhat.com/browse/RUN-1702
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

test/system/090-events.bats

@@ -249,3 +249,45 @@ EOF
     run_podman 125 --events-backend none events --stream=false
     is "$output" "Error: cannot read events with the \"none\" backend" "correct error message"
 }
+
+function _events_container_create_inspect_data {
+    containersConf=$PODMAN_TMPDIR/containers.conf
+    cat >$containersConf <<EOF
+[engine]
+events_logger="$1"
+events_container_create_inspect_data=true
+EOF
+
+    local cname=c$(random_string 15)
+    t0=$(date --iso-8601=seconds)
+
+    CONTAINERS_CONF=$containersConf run_podman create --name=$cname $IMAGE
+    run_podman container inspect --size=true $cname
+    inspect_json=$(jq -r --tab . <<< "$output")
+
+    run_podman --events-backend=$1 events \
+        --since="$t0"           \
+        --filter=status=$cname  \
+        --filter=status=create  \
+        --stream=false          \
+        --format="{{.ContainerInspectData}}"
+    events_json=$(jq -r --tab . <<< "[$output]")
+    assert "$inspect_json" = "$events_json" "JSON payload in event attributes is the same as the inspect one"
+
+    # Make sure that the inspect data doesn't show by default in
+    # podman-events.
+    run_podman --events-backend=$1 events \
+        --since="$t0"           \
+        --filter=status=$cname  \
+        --filter=status=create  \
+        --stream=false
+    assert "$output" != ".*ConmonPidFile.*"
+    assert "$output" != ".*EffectiveCaps.*"
+}
+
+@test "events - container inspect data" {
+    skip_if_remote "remote does not support --events-backend"
+
+    _events_container_create_inspect_data journald
+    _events_container_create_inspect_data file
+}