Remove the AppArmor enforcement to remount /proc/sys
In Ubuntu, AppArmor is installed and loaded by default. policy/policyinit.sh needs to remount /proc/sys. It is forbidden per the below error message:
```
mount: /proc/sys: cannot remount rw read-write, is write-protected. dmesg(1) may have more information after failed mount system call.
```
This patch also removes the seccomp profile.
Fixes: 9d244207f829 ("daemon: privilege")
It might be more appropriate to directly expose the annotations and securityContext. Could you please consider adjusting the configuration accordingly?
@l1b0k unfortunately, the version of the k8s that we are using doesn't support specifying AppArmor through securityContext.
```
$ kubectl apply -f test-appArmorProfile-netperf-l1-0.yaml
error: error validating "test-appArmorProfile-netperf-l1-0.yaml": error validating data: ValidationError(Pod.spec.containers[0].securityContext): unknown field "appArmorProfile" in io.k8s.api.core.v1.SecurityContext; if you choose
to ignore these errors, turn validation off with --validate=false
```
How about using `helm template --kube-version 1.30` like https://github.com/awslabs/mountpoint-s3-csi-driver/pull/262
To improve flexibility and compatibility across Kubernetes versions, it’s a good practice to directly expose annotations and securityContext in the values.yaml file.
```yaml
# values.yaml
daemon:
  annotations: {}
  # Custom securityContext for the container.
  # Define only the fields that are safe and supported by your target K8s version.
  terway:
    securityContext:
      capabilities:
        add:
          - NET_ADMIN
          - DAC_OVERRIDE
        drop:
          - ALL
```
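One way the two suggestions above (exposing `annotations`/`securityContext` in values, and branching on the kube version so the profile is still selectable on clusters without the 1.30 `appArmorProfile` field) could fit together in the daemon template. This is an added illustration, not code from the terway chart or from the linked PR; the container name `terway` and the values key `daemon.appArmorProfile` (`Unconfined`, `RuntimeDefault`, or empty for "leave the runtime default") are assumptions.

```yaml
# templates/daemonset.yaml (excerpt; added illustration, not the project's own template)
# Assumed values keys:
#   daemon.annotations:              extra pod annotations (map)
#   daemon.terway.securityContext:   container securityContext (map)
#   daemon.appArmorProfile:          "Unconfined" | "RuntimeDefault" | "" (unset)
{{- $profile := .Values.daemon.appArmorProfile }}
{{- /* .Capabilities.KubeVersion comes from the cluster, or from
       `helm template --kube-version 1.30.0` when rendering offline. */}}
{{- $hasField := semverCompare ">=1.30-0" .Capabilities.KubeVersion.Version }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: terway
spec:
  selector:
    matchLabels:
      app: terway
  template:
    metadata:
      labels:
        app: terway
      annotations:
        {{- with .Values.daemon.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- /* Before 1.30 the AppArmor profile can only be chosen per container
               via the beta annotation; its value format differs from the field. */}}
        {{- if and $profile (not $hasField) }}
        container.apparmor.security.beta.kubernetes.io/terway: {{ ternary "unconfined" "runtime/default" (eq $profile "Unconfined") }}
        {{- end }}
    spec:
      containers:
        - name: terway
          image: {{ .Values.daemon.image | default "terway:PLACEHOLDER_TAG" }}
          securityContext:
            {{- /* Operator-supplied fields (capabilities etc.) are passed through as-is. */}}
            {{- with .Values.daemon.terway.securityContext }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- /* From 1.30 on, the typed field replaces the annotation. */}}
            {{- if and $profile $hasField }}
            appArmorProfile:
              type: {{ $profile }}
            {{- end }}
```

Rendering the same chart twice, once with `--kube-version 1.29.0` and once with `--kube-version 1.30.0`, shows the profile moving from the pod annotation into `securityContext.appArmorProfile` without the values file changing.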