switch SYS_PTRACE from main- to copilot container #6395

Open
wants to merge 1 commit into
base: master

fiedlerNr9 (Contributor) commented Apr 4, 2025

Tracking issue

Why are the changes needed?

What changes were proposed in this pull request?

How was this patch tested?

Labels

Please add one or more of the following labels to categorize your PR:

  • added: For new features.
  • changed: For changes in existing functionality.
  • deprecated: For soon-to-be-removed features.
  • removed: For features being removed.
  • fixed: For any bug fixed.
  • security: In case of vulnerabilities

This is important to improve the readability of release notes.

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Summary by Bito

This PR moves SYS_PTRACE capability configuration from the main container to the copilot container by modifying security contexts. It centralizes ptrace management in the copilot container for improved security and clarity, but the implementation has removed necessary security context initialization code.

Unit tests added: False

Estimated effort to review (1-5, lower is better): 1

flyte-bot (Collaborator) commented Apr 4, 2025

Code Review Agent Run #cdf109

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: d99aad9..d99aad9
    • flyteplugins/go/tasks/pluginmachinery/flytek8s/copilot.go
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful


codecov bot commented Apr 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.88%. Comparing base (f2a1ad7) to head (d99aad9).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6395      +/-   ##
==========================================
- Coverage   58.49%   57.88%   -0.61%     
==========================================
  Files         940      774     -166     
  Lines       71554    57337   -14217     
==========================================
- Hits        41853    33189    -8664     
+ Misses      26520    21651    -4869     
+ Partials     3181     2497     -684     
Flag Coverage Δ
unittests-datacatalog 59.03% <ø> (ø)
unittests-flyteadmin 56.28% <ø> (ø)
unittests-flytecopilot 30.99% <ø> (ø)
unittests-flytectl 64.70% <ø> (ø)
unittests-flyteidl 76.12% <ø> (ø)
unittests-flyteplugins ?
unittests-flytepropeller 54.79% <ø> (ø)
unittests-flytestdlib 64.04% <ø> (+0.01%) ⬆️

flyte-bot (Collaborator)

Changelist by Bito

This pull request implements the following key changes.

Key Change: Feature Improvement - CoPilot Container Security Context Update

Files Impacted: copilot.go - Introduced a new SecurityContext with pTraceCapability in FlyteCoPilotContainer and removed redundant security context setup in AddCoPilotToContainer to consolidate ptrace configuration in the copilot container.
