From bd5de3db8513fbd23262184ece00333264c6add3 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 10 Sep 2023 14:41:51 +0200
Subject: [PATCH] feat(mastodon): Try to move Mastodon to PSS restricted
 compliance

---
 charts/mastodon/values.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/charts/mastodon/values.yaml b/charts/mastodon/values.yaml
index 5542a5d80..cf075d243 100644
--- a/charts/mastodon/values.yaml
+++ b/charts/mastodon/values.yaml
@@ -163,7 +163,7 @@ mastodon:
     # -- Pod Security Context for Streaming Pods, overwrites .Values.podSecurityContext
     podSecurityContext: {}
     # -- (Streaming Container) Security Context for Streaming Pods, overwrites .Values.securityContext
-    securityContext: {}
+    securityContext:
     # -- (Streaming Container) Resources for Streaming Pods, overwrites .Values.resources
     resources: {}
     # limits:
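Review bot: The new `securityContext:` under the streaming section has no value, so YAML parses it as null rather than an empty mapping, and the change adds no restriction for the streaming container. How the chart templates treat a null here is not visible in this patch; anything that renders the value directly instead of going through a guard or default would emit `null`. Keeping `securityContext: {}` preserves the documented fall-through to `.Values.securityContext`. If the streaming container needs its own settings, list them explicitly under the key.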
@@ -381,9 +381,13 @@ externalAuth:
 # if you manually change the UID/GID environment variables, ensure these values
 # match:
 podSecurityContext:
+  allowPrivilegeEscalation: false
+  runAsNonRoot: true
   runAsUser: 991
   runAsGroup: 991
   fsGroup: 991
+  seccompProfile:
+    type: "RuntimeDefault"
 
 # @ignored
 securityContext: {}
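Review bot: `allowPrivilegeEscalation` is added under `podSecurityContext`, but it is a container-level SecurityContext field and not part of PodSecurityContext, so if this block is rendered into the pod spec the API server may reject it or silently drop it, depending on field validation. The restricted Pod Security Standard checks this setting per container, together with `capabilities.drop` containing `ALL`, and the container-level `securityContext` at the end of the hunk is still `{}`. Moving the setting there and adding the capability drop would cover both requirements, assuming the templates apply `.Values.securityContext` to every container, which this patch does not show.

```yaml
podSecurityContext:
  # … unchanged: runAsNonRoot, runAsUser, runAsGroup, fsGroup, seccompProfile …

# @ignored
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```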
-- 
GitLab