Fix custom seccomp profiles (#795)

DataDog · May 22, 2023 · a82c8e3 · a82c8e3
1 parent 0764c20
commit a82c8e3
Showing 1 changed file with 9 additions and 22 deletions.
diff --git a/controllers/datadogagent/override/container.go b/controllers/datadogagent/override/container.go
@@ -113,7 +113,6 @@ func overrideContainer(container *corev1.Container, override *v2alpha1.DatadogAg
 func overrideSeccompProfile(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, override *v2alpha1.DatadogAgentGenericContainer) {
 	// NOTE: for now, only support custom Seccomp Profiles on the System Probe
 	if containerName == commonv1.SystemProbeContainerName {
-		seccompRootPath := common.SeccompRootVolumePath
 		if override.SeccompConfig != nil && override.SeccompConfig.CustomRootPath != nil {
 			vol := corev1.Volume{
 				Name: common.SeccompRootVolumeName,
@@ -124,7 +123,6 @@ func overrideSeccompProfile(containerName commonv1.AgentContainerName, manager f
 				},
 			}
 			manager.Volume().AddVolume(&vol)
-			seccompRootPath = *override.SeccompConfig.CustomRootPath
 		}
 
 		// TODO support ConfigMap creation when ConfigData is used.
@@ -142,26 +140,15 @@ func overrideSeccompProfile(containerName commonv1.AgentContainerName, manager f
 			}
 			manager.Volume().AddVolume(&vol)
 
-			// Add workaround command to seccomp-setup container
-			for id, container := range manager.PodTemplateSpec().Spec.InitContainers {
-				if container.Name == string(commonv1.SeccompSetupContainerName) {
-					manager.PodTemplateSpec().Spec.InitContainers[id].Args = []string{
-						fmt.Sprintf("cp %s/%s-seccomp.json %s/%s",
-							common.SeccompSecurityVolumePath,
-							string(containerName),
-							seccompRootPath,
-							string(containerName),
-						),
-					}
-				}
-				// TODO: Support for custom Seccomp profiles on other containers will require updating the LocalhostProfile.
-				// 	manager.PodTemplateSpec().Spec.InitContainers[id].SecurityContext = &corev1.SecurityContext{
-				// 		SeccompProfile: &corev1.SeccompProfile{
-				// 			Type:             corev1.SeccompProfileTypeLocalhost,
-				// 			LocalhostProfile: apiutils.NewStringPointer(containerName),
-				// 		},
-				// 	}
-			}
+			// TODO: Support for custom Seccomp profiles on other containers will require updating the LocalhostProfile.
+			// for id, container := range manager.PodTemplateSpec().Spec.InitContainers {
+			// 	manager.PodTemplateSpec().Spec.InitContainers[id].SecurityContext = &corev1.SecurityContext{
+			// 		SeccompProfile: &corev1.SeccompProfile{
+			// 			Type:             corev1.SeccompProfileTypeLocalhost,
+			// 			LocalhostProfile: apiutils.NewStringPointer(containerName),
+			// 		},
+			// 	}
+			// }
 		}
 	}
 }