Do not add capabilities when privileged: false

Previously, the test-operator was spawning pods with NET_ADMIN and
NET_RAW capabilities even when privileged: false. Setting these
two capabilities requires elevated securitycontextconstraint.

This commit addresses this issue by using extra capabilities only
when privileged: true.

Author: lpiwowar

pkg/util/common.go

@@ -16,9 +16,7 @@ func GetSecurityContext(
 		RunAsUser:                &runAsUser,
 		RunAsGroup:               &runAsUser,
 		AllowPrivilegeEscalation: &falseVar,
-		Capabilities: &corev1.Capabilities{
-			Add: addCapabilities,
-		},
+		Capabilities:             &corev1.Capabilities{},
 		SeccompProfile: &corev1.SeccompProfile{
 			Type: corev1.SeccompProfileTypeRuntimeDefault,
 		},
@@ -28,6 +26,7 @@ func GetSecurityContext(
 		// We need to run pods with AllowPrivilegedEscalation: true to remove
 		// nosuid from the pod (in order to be able to run sudo)
 		securityContext.AllowPrivilegeEscalation = &trueVar
+		securityContext.Capabilities.Add = addCapabilities
 	}
 
 	if !privileged {