From 9e9795b845a74937b0a10d16b3860e47711185e6 Mon Sep 17 00:00:00 2001
From: adria
Date: Mon, 17 Nov 2025 11:03:59 +0100
Subject: [PATCH] fix: disable privilege escalation for integration sidecar

---
 pkg/util/k8sutil/pods.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/util/k8sutil/pods.go b/pkg/util/k8sutil/pods.go
index 8a26af860..33c2c22f3 100644
--- a/pkg/util/k8sutil/pods.go
+++ b/pkg/util/k8sutil/pods.go
@@ -783,10 +783,11 @@ func CreateDefaultContainerTemplate(image *schedulerContainerResourcesApi.Image)
 		},
 		Security: &schedulerContainerResourcesApi.Security{
 			SecurityContext: &core.SecurityContext{
-				RunAsUser:              util.NewType[int64](shared.DefaultRunAsUser),
-				RunAsGroup:             util.NewType[int64](shared.DefaultRunAsGroup),
-				RunAsNonRoot:           util.NewType(true),
-				ReadOnlyRootFilesystem: util.NewType(true),
+				RunAsUser:                util.NewType[int64](shared.DefaultRunAsUser),
+				RunAsGroup:               util.NewType[int64](shared.DefaultRunAsGroup),
+				RunAsNonRoot:             util.NewType(true),
+				ReadOnlyRootFilesystem:   util.NewType(true),
+				AllowPrivilegeEscalation: util.NewType(false),
 				Capabilities: &core.Capabilities{
 					Drop: []core.Capability{
 						"ALL",
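Review bot: The new `AllowPrivilegeEscalation: util.NewType(false)` line brings this SecurityContext close to the restricted Pod Security Standard, but the context shown still has no `SeccompProfile`, which that standard also requires (RuntimeDefault or Localhost) unless it is set at the pod level outside this hunk; if it is not, add `SeccompProfile: &core.SeccompProfile{Type: core.SeccompProfileTypeRuntimeDefault},` beside the new field. A short why-comment on the added line would help the next reader, e.g. `// false sets no_new_privs, so setuid binaries cannot regain what Drop: ALL removed`. The commit title scopes the fix to the "integration sidecar", yet the hunk's function context is `CreateDefaultContainerTemplate`, which reads as a shared default template; if every container built from it is affected, the message understates the change and that is worth confirming. The enclosing function starts and ends outside this hunk.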