From 5ab9e205c1368521046248e846bbf865be660712 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20Calvo?=
Date: Mon, 14 Apr 2025 15:26:05 +0200
Subject: [PATCH] fix(agent): place readOnly attributes for sysfs-vol correctly
---
 charts/agent/templates/daemonset.yaml | 4 ++--
 charts/shield/templates/host/daemonset.yaml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
index 3eb2e9c80..daf742603 100644
--- a/charts/agent/templates/daemonset.yaml
+++ b/charts/agent/templates/daemonset.yaml
@@ -290,6 +290,7 @@ spec:
 {{- if and (not .Values.slim.enabled) (not (include "agent.gke.autopilot" .)) }}
 - mountPath: /host/sys/fs
 name: sysfs-vol
+ readOnly: true
 - mountPath: /etc/modprobe.d
 name: modprobe-d
 readOnly: true
@@ -330,6 +331,7 @@ spec:
 name: varrun-vol
 - mountPath: /host/sys/fs
 name: sysfs-vol
+ readOnly: true
 {{- if (include "agent.ebpfEnabled" .) }}
 - mountPath: /root/.sysdig
 name: bpf-probes
@@ -436,7 +438,6 @@ spec:
 {{- /* Slim = false, Autopilot = false */}}
 {{- if and (not .Values.slim.enabled) (not (include "agent.gke.autopilot" .)) }}
 - name: sysfs-vol
- readOnly: true
 hostPath:
 path: /sys/fs
 - name: modprobe-d
@@ -472,7 +473,6 @@ spec:
 {{- /* Slim = true, Autopilot = false */}}
 {{- if and (.Values.slim.enabled) (not (include "agent.gke.autopilot" .)) }}
 - name: sysfs-vol
- readOnly: true
 hostPath:
 path: /sys/fs
 - name: modprobe-d
diff --git a/charts/shield/templates/host/daemonset.yaml b/charts/shield/templates/host/daemonset.yaml
index c432bf60d..b6c497a56 100644
--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -198,6 +198,7 @@ spec:
 name: varrun-vol
 - mountPath: /host/sys/fs
 name: sysfs-vol
+ readOnly: true
 {{- if (include "host.driver.is_ebpf" .) }}
 - mountPath: /root/.sysdig
 name: bpf-probes
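Review bot: `readOnly: true` on the `/host/sys/fs` volumeMount added in the `@@ -290,6 +290,7 @@` hunk is not recursive by default, so filesystems mounted beneath the host's `/sys/fs` (typically cgroup or bpf mounts) may still be writable through this mount. If the Kubernetes versions the chart supports allow it, consider adding `recursiveReadOnly: IfPossible` next to `readOnly: true`, after confirming the agent never needs to write under that path; otherwise a template comment such as `# readOnly covers the top-level mount only; submounts under /sys/fs keep their own flags` would record the limit. The same applies to the `@@ -330,6 +331,7 @@` hunk in this file and the `@@ -198,6 +198,7 @@` hunk in `charts/shield/templates/host/daemonset.yaml`. The volumeMounts list starts and ends outside these hunks and the container's securityContext is not visible, so how much this flag constrains the container in practice cannot be judged from here.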
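Review bot: No rendering check accompanies the `readOnly: true` added to the `sysfs-vol` mount in the `@@ -198,6 +198,7 @@` hunk; the diffstat lists only the two daemonset templates, so the same misplacement could return unnoticed. A template test asserting that the rendered `/host/sys/fs` volumeMount carries `readOnly: true`, and that the `sysfs-vol` entry under `volumes` has no `readOnly` key, would pin the behaviour for both charts. Validating the rendered manifests against the Kubernetes schema in strict mode should also flag a `readOnly` key placed directly on a volume entry, which appears to be how the earlier placement went unnoticed.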
@@ -273,7 +274,6 @@ spec:
 {{- /* Autopilot = false */}}
 {{- if not (include "common.cluster_type.is_gke_autopilot" .) }}
 - name: sysfs-vol
- readOnly: true
 hostPath:
 path: /sys/fs
 - name: modprobe-d