[system-probe] Update seccomp profile and capabilities for system pro…

…be (#140)

System probe fails start due to missing calls in the seccomp profile with Agent 7.22.0.

This matches what we have currently in the helm chart.

pkg/controller/datadogagent/systemprobe.go

@@ -122,6 +122,8 @@ const systemProbeSecCompData = `{
 			"epoll_wait",
 			"epoll_wait",
 			"epoll_wait_old",
+			"eventfd",
+			"eventfd2",
 			"execve",
 			"execveat",
 			"exit",
@@ -140,10 +142,10 @@ const systemProbeSecCompData = `{
 			"futex",
 			"getcwd",
 			"getdents",
+			"getdents64",
 			"getegid",
 			"geteuid",
 			"getgid",
-			"getdents64",
 			"getpeername",
 			"getpid",
 			"getppid",
@@ -168,11 +170,13 @@ const systemProbeSecCompData = `{
 			"lseek",
 			"lstat",
 			"lstat64",
+			"madvise",
 			"mkdir",
 			"mkdirat",
 			"mmap",
 			"mmap2",
 			"mprotect",
+			"mremap",
 			"munmap",
 			"nanosleep",
 			"newfstatat",
@@ -185,6 +189,7 @@ const systemProbeSecCompData = `{
 			"poll",
 			"ppoll",
 			"prctl",
+			"pread64",
 			"prlimit64",
 			"pselect6",
 			"read",

pkg/controller/datadogagent/utils.go

@@ -288,7 +288,7 @@ func getSystemProbeContainers(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.Con
 		},
 		SecurityContext: &corev1.SecurityContext{
 			Capabilities: &corev1.Capabilities{
-				Add: []corev1.Capability{"SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "IPC_LOCK"},
+				Add: []corev1.Capability{"SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "NET_BROADCAST", "IPC_LOCK"},
 			},
 		},
 		Env:          systemProbeEnvVars,