+1, I just ran into this while making a Datadog agent add-on. There is no way currently to mount /proc and /sys/fs/cgroup, specifically, into the agent container, which enables various monitoring capabilities.
I would like a way to enable this in config, even if it requires turning off every single security flag.
Happy to contribute a PR if maintainers can weigh in on whether such a thing would be acceptable.