From 8378e6b0c40d360da2da791f1dab6787618e07ca Mon Sep 17 00:00:00 2001
From: wumbrat
Date: Thu, 3 Nov 2022 14:29:53 +0100
Subject: [PATCH] Set allowPrivilegeEscalation to false as default value for the service orchestrator
---
 operator/controllers/seldondeployment_engine.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/operator/controllers/seldondeployment_engine.go b/operator/controllers/seldondeployment_engine.go
index 62ecd64d12..9b09f6ff95 100644
--- a/operator/controllers/seldondeployment_engine.go
+++ b/operator/controllers/seldondeployment_engine.go
@@ -337,7 +337,8 @@ func createEngineContainer(mlDep *machinelearningv1.SeldonDeployment, p *machine
 }
 if engineUser != nil {
- c.SecurityContext = &corev1.SecurityContext{RunAsUser: engineUser}
+ escalationDefault := false
+ c.SecurityContext = &corev1.SecurityContext{RunAsUser: engineUser, AllowPrivilegeEscalation: &escalationDefault}
 }
 // Environment vars if specified
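Review bot: `AllowPrivilegeEscalation: &escalationDefault` is set only inside `if engineUser != nil`, so an engine container built without an engine user still gets no SecurityContext from this block and the field stays unset, which Kubernetes treats as escalation allowed. If the subject's "default value for the service orchestrator" is meant literally, hoist `escalationDefault := false` and `c.SecurityContext = &corev1.SecurityContext{AllowPrivilegeEscalation: &escalationDefault}` above the `if`, and keep only `c.SecurityContext.RunAsUser = engineUser` inside it. The value is also hard-coded rather than a default an operator can override, which deserves a comment such as `// no_new_privs for the orchestrator; not configurable, required by the restricted Pod Security Standard`. createEngineContainer continues outside the hunk, so a later assignment to `c.SecurityContext` (not visible here) could still replace this value and should be checked.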