From cf3ce0180b34d49bb3fda58b2dad725673f38e53 Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran" <me@mertyildiran.com>
Date: Mon, 4 Dec 2023 22:39:21 +0300
Subject: [PATCH] :hammer: Remove the unnecessary Linux capabilities

---
 helm-chart/templates/09-worker-daemon-set.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index d791ac1c3..77cfa4c96 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -67,11 +67,10 @@ spec:
               add:
                 - NET_RAW
                 - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
+                {{- if not .Values.tap.noKernelModule }}
                 - SYS_MODULE
                 - CHECKPOINT_RESTORE
+                {{- end }}
               drop:
                 - ALL
           readinessProbe:
@@ -120,13 +119,10 @@ spec:
           securityContext:
             capabilities:
               add:
-                - NET_RAW
-                - NET_ADMIN
                 - SYS_ADMIN
                 - SYS_PTRACE
                 - DAC_OVERRIDE
                 - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
               drop:
                 - ALL
           volumeMounts: