diff --git a/images/operator/Dockerfile b/images/operator/Dockerfile
index 76e38db5ac9aa..5388e130c3e47 100644
--- a/images/operator/Dockerfile
+++ b/images/operator/Dockerfile
@@ -55,6 +55,10 @@ RUN --mount=type=bind,readwrite,target=/go/src/github.com/cilium/cilium \
     ./build-gops.sh
 
 FROM ${BASE_IMAGE} AS release
+
+# Datadog Modification: operator has to run as root
+USER root
+
 # TARGETOS is an automatic platform ARG enabled by Docker BuildKit.
 ARG TARGETOS
 # TARGETARCH is an automatic platform ARG enabled by Docker BuildKit.
diff --git a/images/runtime/Dockerfile b/images/runtime/Dockerfile
index 4e5573d9c94ce..f0b14939e1a6d 100644
--- a/images/runtime/Dockerfile
+++ b/images/runtime/Dockerfile
@@ -27,6 +27,9 @@ RUN --mount=type=bind,readwrite,target=/go/src/github.com/cilium/cilium/images/r
 
 FROM ${UBUNTU_IMAGE} AS rootfs
 
+# Datadog modification: to be able to run APT we need to be root, Cilium also need to run as root
+USER root
+
 # Change the number to force the generation of a new git-tree SHA. Useful when
 # we want to re-run 'apt-get upgrade' for stale images.
 ENV FORCE_BUILD=3
@@ -60,6 +63,5 @@ COPY --from=bpftool-dist /test /test
 RUN /test/bin/cst -C /test/llvm
 RUN /test/bin/cst -C /test/bpftool
 
-FROM scratch
-LABEL maintainer="maintainer@cilium.io"
-COPY --from=rootfs / /
+# Datadog modification: do not squash the layers to not lose GBI labels
+FROM rootfs