chore(shield): mount host root volume in write mode when responder is enabled (#2237)

Author: francesco-furlan

charts/shield/Chart.yaml

@@ -13,5 +13,5 @@ maintainers:
   - name: mavimo
     email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 1.4.3
+version: 1.4.4
 appVersion: "1.0.0"

charts/shield/templates/host/daemonset.yaml

@@ -217,7 +217,9 @@ spec:
           {{- if (include "host.need_host_root" .) }}
             - mountPath: /host
               name: host-root
+          {{- if not (eq (include "host.response_actions_enabled" .) "true") }}
               readOnly: true
+          {{- end }}
           {{- if .Values.features.posture.host_posture.enabled }}
             - mountPath: /host/tmp
               name: host-tmp

charts/shield/tests/host/daemonset_test.yaml

@@ -268,7 +268,6 @@ tests:
           content:
             name: host-root
             mountPath: /host
-            readOnly: true
       - notExists:
           path: spec.template.spec.volumes[?(@.name == "host-tmp")]
 
@@ -290,7 +289,6 @@ tests:
           content:
             name: host-root
             mountPath: /host
-            readOnly: true
       - notExists:
           path: spec.template.spec.volumes[?(@.name == "host-tmp")]
 
@@ -318,7 +316,6 @@ tests:
           content:
             name: host-root
             mountPath: /host
-            readOnly: true
       - notExists:
           path: spec.template.spec.volumes[?(@.name == "host-tmp")]