When running docker inside of a container, journald is failing because we have removed AUDIT_READ. We don't want to allow containers to read audit data, so journald should fail this check and continue. Perhaps it could check if AUDIT_READ capability is missing and not report an error.
This was blowing up on systemd in fedora 22 container, seems to work in fedora 23.