Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cap of Go auto-instrumentation #5889

Closed
dzy176 opened this issue Jan 7, 2025 · 6 comments
Closed

Cap of Go auto-instrumentation #5889

dzy176 opened this issue Jan 7, 2025 · 6 comments
Labels
bug Something isn't working sig:operator

Comments

@dzy176
Copy link
Contributor

dzy176 commented Jan 7, 2025

https://github.com/open-telemetry/opentelemetry.io/blob/main/content/en/docs/kubernetes/operator/automatic.md?plain=1#L532C1-L539C4

securityContext:
  capabilities:
    add:
    - SYS_PTRACE
  privileged: true
  runAsUser: 0

If a container is already privileged, what is the purpose of explicitly adding SYS_PTRACE?
@dzy176 dzy176 added the bug Something isn't working label Jan 7, 2025
@svrnm
Copy link
Member

svrnm commented Jan 7, 2025

@open-telemetry/operator-approvers @open-telemetry/go-instrumentation-approvers PTAL!

@swiatekm
Copy link
Contributor

swiatekm commented Jan 7, 2025

The operator does not set that capability, nor do we mention it in our documentation, so it looks like it should be removed. @TylerHelmuth is that correct?

@dzy176
Copy link
Contributor Author

dzy176 commented Jan 7, 2025

I have submitted a PR. #5890

refer to open-telemetry/opentelemetry-go-instrumentation#388

@grcevski
Copy link

grcevski commented Jan 7, 2025

I agree, with privileged:true we don't need to additionally specify the PTRACE capability.

cartermp added a commit that referenced this issue Jan 7, 2025
@cartermp
Remove SYS_PTRACE from otel go autoinstrumentation
b9cef0c 
This is not needed, see #5889
@cartermp cartermp mentioned this issue Jan 7, 2025
Closed
@cartermp
Copy link
Contributor

cartermp commented Jan 7, 2025

Oh that's great that it's not needed anymore! I recall in the early days of this instrumentation it was, or at least it was assumed to be needed. Opened PR here: #5895

@cartermp
Copy link
Contributor

cartermp commented Jan 8, 2025

Fixed, thanks @dzy176

@cartermp cartermp closed this as completed Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working sig:operator
Projects
SIG Comms: PRs & Issues
Status: Done
Milestone
No milestone
Development

No branches or pull requests
5 participants
@svrnm @grcevski @cartermp @dzy176 @swiatekm