Fix runtime security config mount #342
This pull request does not contain a valid label. Please add one of the following labels: bug, enhancement, documentation
Codecov Report
@@ Coverage Diff @@
## main #342 +/- ##
===========================================
+ Coverage 38.09% 63.98% +25.88%
===========================================
Files 63 61 -2
Lines 11248 6694 -4554
===========================================
- Hits 4285 4283 -2
+ Misses 6656 2104 -4552
Partials 307 307
@@ -1761,6 +1745,14 @@ func getVolumeMountsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) []core | |||
}...) | |||
} | |||
|
|||
if runtimeEnabled { |
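Review bot: the `if runtimeEnabled {` branch at the end of this hunk in getVolumeMountsForSecurityAgent has no comment saying why the security-agent container needs whatever it mounts. Add a one-line comment above the branch naming the mounted path and the process that reads it, and have the tests for this function assert the returned mount list for both values of runtimeEnabled.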
/etc/datadog-agent/runtime-security.d is not used by security-agent, only by system-probe
I have added here, if later on it is the case.
What does this PR do?
Fix an issue with the "security-runtime" policyDir configuration, which was removing the default configuration. Now the configuration provided by policyDir is added to the /etc/datadog-agent/runtime-security.d folder.
Motivation
Give more flexibility to the runtime policies configuration.
Additional Notes
N/A
Describe your test plan
Try to deploy the datadogagent with runtime-security enabled, with 2 different configs:
default.policy configuration should be present in /etc/datadog-agent/runtime-security.d
default.policy configuration and the custom.policy files should be present
You can use the following configmap: