From 4ff8ebb3860947fcc3ace47f03df2df0514ed3c9 Mon Sep 17 00:00:00 2001
From: Nico Koprowski
Date: Fri, 25 Oct 2024 13:43:19 +0800
Subject: [PATCH] fix(charts): missing security context in BPDM init containers

---
 charts/bpdm/charts/bpdm-common/templates/_deployment.tpl | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/charts/bpdm/charts/bpdm-common/templates/_deployment.tpl b/charts/bpdm/charts/bpdm-common/templates/_deployment.tpl
index 0cd905224..47a26f198 100644
--- a/charts/bpdm/charts/bpdm-common/templates/_deployment.tpl
+++ b/charts/bpdm/charts/bpdm-common/templates/_deployment.tpl
@@ -83,6 +83,15 @@ spec:
 initContainers:
 - name: startup-delay
 image: busybox:1.28
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ runAsUser: 10001
+ runAsGroup: 10001
+ capabilities:
+ drop:
+ - ALL
 command: ['sh', '-c', "sleep {{ $.Values.startupDelaySeconds }}"]
 {{- with .Values.nodeSelector }}
 nodeSelector:
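Review bot: The new init-container securityContext omits a `seccompProfile`, which the Kubernetes restricted Pod Security Standard requires alongside the fields added here; unless the pod-level securityContext (outside this hunk) already sets one, add `seccompProfile:` / `  type: RuntimeDefault` under the new `securityContext:` block so the init container passes the same admission checks as the rest of the pod. The uid/gid `10001` and the other fields are hard-coded in the template rather than read from chart values; if the application containers in this template take their securityContext from `.Values`, sourcing the init container's from the same values would keep the two from drifting, and otherwise a short template comment stating that the init container intentionally uses a fixed, non-configurable context would tell the next maintainer this was deliberate. `readOnlyRootFilesystem: true` is compatible with the `sleep` command on the following line since it writes nothing, but that assumption should be re-checked if the command is ever extended. The enclosing deployment spec starts and ends outside the hunk.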