ROX-18838: Remove docker socket mountpoint from collector container. (#…

…1277) We cannot remove the podman socket yet, because it would disable podman runtime cgroup parsing (falcosecurity/libs#296)
stackrox · Aug 14, 2023 · dff3274 · dff3274
1 parent e499762
commit dff3274
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/integration-tests/suites/common/collector_manager.go b/integration-tests/suites/common/collector_manager.go
@@ -51,14 +51,15 @@ func NewCollectorManager(e Executor, name string) *CollectorManager {
 		env["MODULE_DOWNLOAD_BASE_URL"] = "https://collector-modules.stackrox.io/612dd2ee06b660e728292de9393e18c81a88f347ec52a39207c5166b5302b656"
 	}
 	mounts := map[string]string{
-		"/host/var/run/docker.sock:ro": runtimeOptions.Socket,
-		"/run/podman/podman.sock:ro":   runtimeOptions.Socket,
-		"/host/proc:ro":                "/proc",
-		"/host/etc:ro":                 "/etc/",
-		"/host/usr/lib:ro":             "/usr/lib/",
-		"/host/sys:ro":                 "/sys/",
-		"/host/dev:ro":                 "/dev",
-		"/tmp":                         "/tmp",
+		// The presence of this socket disables an optimisation, which would turn off podman runtime parsing.
+		// https://github.com/falcosecurity/libs/pull/296
+		"/run/podman/podman.sock:ro": runtimeOptions.Socket,
+		"/host/proc:ro":              "/proc",
+		"/host/etc:ro":               "/etc/",
+		"/host/usr/lib:ro":           "/usr/lib/",
+		"/host/sys:ro":               "/sys/",
+		"/host/dev:ro":               "/dev",
+		"/tmp":                       "/tmp",
 		// /module is an anonymous volume to reflect the way collector
 		// is usually run in kubernetes (with in-memory volume for /module)
 		"/module": "",