fix: remove --skip-file-capabilities flag

Author: pkoutsovasilis

internal/pkg/agent/cmd/container.go

@@ -45,8 +45,6 @@ const (
 	defaultStateDirectory    = "/usr/share/elastic-agent/state" // directory that will hold the state data
 	agentBaseDirectory       = "/usr/share/elastic-agent"       // directory that holds all elastic-agent related files
 
-	skipFileCapabilitiesFlag = "skip-file-capabilities"
-
 	logsPathPerms = 0775
 )
 
@@ -142,15 +140,13 @@ all the above actions will be skipped, because the Elastic Agent has already bee
 occurs on every start of the container set FLEET_FORCE to 1.
 `,
 		Run: func(c *cobra.Command, args []string) {
-			if err := logContainerCmd(c, streams); err != nil {
+			if err := logContainerCmd(streams); err != nil {
 				logError(streams, err)
 				os.Exit(1)
 			}
 		},
 	}
 
-	cmd.Flags().Bool(skipFileCapabilitiesFlag, false, "skip setting file capabilities")
-
 	return &cmd
 }
 
@@ -162,13 +158,8 @@ func logInfo(streams *cli.IOStreams, a ...interface{}) {
 	fmt.Fprintln(streams.Out, a...)
 }
 
-func logContainerCmd(cmd *cobra.Command, streams *cli.IOStreams) error {
-	skipFileCapabilities, err := cmd.Flags().GetBool(skipFileCapabilitiesFlag)
-	if err != nil {
-		return err
-	}
-
-	shouldExit, err := initContainer(streams, skipFileCapabilities)
+func logContainerCmd(streams *cli.IOStreams) error {
+	shouldExit, err := initContainer(streams)
 	if err != nil {
 		return err
 	}

internal/pkg/agent/cmd/container_init_linux.go

@@ -33,37 +33,34 @@ var (
 // - chown all agent-related paths if DAC_OVERRIDE capability is not in the Effective set
 // If new binary capabilities are set then the returned cmd will be not nil. Note that it is up to caller to invoke
 // the returned cmd and spawn an agent instance with all the capabilities.
-func initContainer(streams *cli.IOStreams, skipFileCapabilities bool) (shouldExit bool, err error) {
+func initContainer(streams *cli.IOStreams) (shouldExit bool, err error) {
 	isRoot, err := utils.HasRoot()
 	if err != nil {
 		return true, err
 	}
-	if !skipFileCapabilities && !isRoot {
+	if !isRoot {
 		executable, err := os.Executable()
 		if err != nil {
 			return true, err
 		}
 
-		logInfo(streams, "agent container initialisation - file capabilities")
+		logInfo(streams, "agent container initialisation - checking file capabilities")
 		updated, err := updateFileCapsFromBoundingSet(executable)
 		if err != nil {
 			return true, err
 		}
 
 		if updated {
+			logInfo(streams, "agent container initialisation - re-exec")
 			// new capabilities were added thus we need to re-exec agent to pick them up
 			args := []string{filepath.Base(executable)}
 			if len(os.Args) > 1 {
 				args = append(args, os.Args[1:]...)
 			}
-			// add skipFileCapabilitiesFlag flag to skip reapplying the file capabilities
-			args = append(args, fmt.Sprintf("--%s", skipFileCapabilitiesFlag))
 
 			return true, unix.Exec(executable, args, os.Environ())
 		}
-	}
 
-	if !isRoot {
 		// if we are not root, we need to raise the ambient capabilities
 		logInfo(streams, "agent container initialisation - ambient capabilities")
 		if err := raiseAmbientCapabilities(); err != nil {

internal/pkg/agent/cmd/container_init_other.go

@@ -10,6 +10,6 @@ import (
 	"github.com/elastic/elastic-agent/internal/pkg/cli"
 )
 
-func initContainer(streams *cli.IOStreams, skipFileCapabilities bool) (shouldExit bool, err error) {
+func initContainer(streams *cli.IOStreams) (shouldExit bool, err error) {
 	return false, nil
 }