From 081d51e77d5138b08cdf6cd347b5174996131c90 Mon Sep 17 00:00:00 2001
From: Saul Paredes
Date: Fri, 24 Oct 2025 16:50:11 -0700
Subject: [PATCH] webhook: allow privileged containers

As of https://microsoft.visualstudio.com/OS/_workitems/edit/48222512?src=WorkItemMention&src-action=artifact_link , we are able to run privileged containers on kata, so allow them through the webhook.

Signed-off-by: Saul Paredes
---
 tools/testing/kata-webhook/main.go | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/tools/testing/kata-webhook/main.go b/tools/testing/kata-webhook/main.go
index e0e89163ee..9eb94e048a 100644
--- a/tools/testing/kata-webhook/main.go
+++ b/tools/testing/kata-webhook/main.go
@@ -58,15 +58,6 @@ func annotatePodMutator(_ context.Context, ar *kwhmodel.AdmissionReview, obj met
 return &kwhmutating.MutatorResult{}, nil
 }
 
- for i := range pod.Spec.Containers {
- if pod.Spec.Containers[i].SecurityContext != nil && pod.Spec.Containers[i].SecurityContext.Privileged != nil {
- if *pod.Spec.Containers[i].SecurityContext.Privileged {
- fmt.Println("privileged container: ", pod.GetNamespace(), pod.GetName())
- return &kwhmutating.MutatorResult{}, nil
- }
- }
- }
-
 if pod.Spec.RuntimeClassName != nil {
 fmt.Println("explicit runtime: ", pod.GetNamespace(), pod.GetName(), pod.Spec.RuntimeClassName)
 return &kwhmutating.MutatorResult{}, nil