From 45da300768591e2fd471ab64e7d7d6318c56d253 Mon Sep 17 00:00:00 2001
From: Kanha gupta
Date: Wed, 15 May 2024 00:45:24 +0530
Subject: [PATCH] Added container security capability
Signed-off-by: Kanha gupta
---
 pkg/antctl/raw/check/cluster/command.go | 5 +++++
 pkg/antctl/raw/check/util.go | 30 +++++++++++++------------
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/pkg/antctl/raw/check/cluster/command.go b/pkg/antctl/raw/check/cluster/command.go
index e6c80aaf82c..07c3ae313ce 100644
--- a/pkg/antctl/raw/check/cluster/command.go
+++ b/pkg/antctl/raw/check/cluster/command.go
@@ -171,6 +171,11 @@ func (t *testContext) setup(ctx context.Context) error {
 NodeSelector: map[string]string{
 "kubernetes.io/os": "linux",
 },
+ SecurityContext: &corev1.SecurityContext{
+ Capabilities: &corev1.Capabilities{
+ Add: []corev1.Capability{"SYS_MODULE"},
+ },
+ },
 })
 t.Log("Creating Deployment")
diff --git a/pkg/antctl/raw/check/util.go b/pkg/antctl/raw/check/util.go
index 1652ea9835a..c75e4e6619d 100644
--- a/pkg/antctl/raw/check/util.go
+++ b/pkg/antctl/raw/check/util.go
@@ -152,6 +152,7 @@ func NewDeployment(p DeploymentParameters) *appsv1.Deployment {
 Command: p.Command,
 Args: p.Args,
 VolumeMounts: p.VolumeMounts,
+ SecurityContext: p.SecurityContext,
 },
 },
 Tolerations: p.Tolerations,
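Review bot: The `SecurityContext` added in `setup` grants `SYS_MODULE` to the test Deployment's container without a comment saying which check needs it; that capability lets the container load and unload kernel modules on the node, so it should carry a stated reason and the narrowest scope possible. Consider adding `Drop: []corev1.Capability{"ALL"},` next to `Add` if the test commands need nothing else (not verifiable from this hunk), plus a comment such as `// SYS_MODULE: needed for <reason, not stated in this patch>; allows kernel-module loading on the node`. Namespaces that enforce the Pod Security Standards baseline profile do not allow adding `SYS_MODULE`, so the Deployment's Pods would be rejected at admission there; documenting that requirement or reporting it as a clear error would help users. The body of `setup` continues outside the hunk.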
@@ -164,20 +165,21 @@ func NewDeployment(p DeploymentParameters) *appsv1.Deployment {
 }
 type DeploymentParameters struct {
- Name string
- Role string
- Image string
- Replicas int
- Port int
- Command []string
- Args []string
- Affinity *corev1.Affinity
- Tolerations []corev1.Toleration
- Labels map[string]string
- VolumeMounts []corev1.VolumeMount
- Volumes []corev1.Volume
- HostNetwork bool
- NodeSelector map[string]string
+ Name string
+ Role string
+ Image string
+ Replicas int
+ Port int
+ Command []string
+ Args []string
+ Affinity *corev1.Affinity
+ Tolerations []corev1.Toleration
+ Labels map[string]string
+ VolumeMounts []corev1.VolumeMount
+ Volumes []corev1.Volume
+ HostNetwork bool
+ NodeSelector map[string]string
+ SecurityContext *corev1.SecurityContext
 }
 func WaitForDeploymentsReady(ctx context.Context,
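Review bot: The new `SecurityContext` field on `DeploymentParameters` has no comment, and because the struct mixes Pod-level settings (`HostNetwork`, `NodeSelector`, `Tolerations`) with container-level ones, its scope is easy to misread. The `@@ -152` hunk assigns it to the container entry, so a comment like `// SecurityContext is set on the Deployment's container, not the Pod; nil keeps the runtime defaults.` would make that explicit. `NewDeployment` also stores the caller's pointer as-is, so a caller that reuses one `*corev1.SecurityContext` for several Deployments ends up sharing a single object between them; assigning `p.SecurityContext.DeepCopy()` in the `@@ -152` hunk would avoid that aliasing.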