Hi, turning a developer topic post into a FR, this is the original thread: Mount hosts /proc & /sys into add on container
Basically, for certain advanced container monitoring abilities, appliances such as datadog/agent require mounting of /proc and /sys/fs/cgroup into the agent container. While mounting docker.sock is covered via docker_api:true, neither /proc nor /sys/** is currently allowed to be mounted in devices: via an addon. (gpio and filetree get a couple of special hardcoded exceptions)
I understand allowing an addon to do this would, at minimum, require turning off all relevant security flags.
I am happy to contribute a PR if this is acceptable.