Skip to content

Commit

Permalink
🔨 Remove CHECKPOINT_RESTORE capability from defaults
Browse files Browse the repository at this point in the history
  • Loading branch information
@mertyildiran
mertyildiran committed Feb 26, 2024
1 parent 09afa19 commit 8fe0544
Show file tree
Hide file tree
Showing 4 changed files with 0 additions and 9 deletions.
4 changes: 0 additions & 4 deletions config/configStruct.go
View file
Expand Up @@ -41,8 +41,6 @@ func CreateDefaultConfig() ConfigStruct {
"SYS_PTRACE",
// DAC_OVERRIDE is required to read /proc/PID/environ
"DAC_OVERRIDE",
// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
"CHECKPOINT_RESTORE",
},
KernelModule: []string{
// SYS_MODULE is required to install kernel modules
Expand All @@ -55,8 +53,6 @@ func CreateDefaultConfig() ConfigStruct {
"SYS_PTRACE",
// SYS_RESOURCE is required to change rlimits for eBPF
"SYS_RESOURCE",
// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
"CHECKPOINT_RESTORE",
// IPC_LOCK is required for ebpf perf rings (kernel > )
"IPC_LOCK",
},
Expand Down
1 change: 0 additions & 1 deletion helm-chart/templates/14-openshift-security-context-constraints.yaml
View file
Expand Up @@ -27,7 +27,6 @@ allowedCapabilities:
- SYS_PTRACE
- DAC_OVERRIDE
- SYS_RESOURCE
- CHECKPOINT_RESTORE
- SYS_MODULE
runAsUser:
type: RunAsAny
Expand Down
2 changes: 0 additions & 2 deletions helm-chart/values.yaml
View file
Expand Up @@ -97,14 +97,12 @@ tap:
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
- CHECKPOINT_RESTORE
kernelModule:
- SYS_MODULE
ebpfCapture:
- SYS_ADMIN
- SYS_PTRACE
- SYS_RESOURCE
- CHECKPOINT_RESTORE
- IPC_LOCK
globalFilter: ""
metrics:
Expand Down
2 changes: 0 additions & 2 deletions manifests/complete.yaml
View file
Expand Up @@ -425,7 +425,6 @@ spec:
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
- CHECKPOINT_RESTORE
drop:
- ALL
readinessProbe:
Expand Down Expand Up @@ -480,7 +479,6 @@ spec:
- SYS_ADMIN
- SYS_PTRACE
- SYS_RESOURCE
- CHECKPOINT_RESTORE
- IPC_LOCK
drop:
- ALL
Expand Down

0 comments on commit 8fe0544

Please sign in to comment.