diff --git a/charts/trino/README.md b/charts/trino/README.md
index 57019345..531a7058 100644
--- a/charts/trino/README.md
+++ b/charts/trino/README.md
@@ -49,6 +49,8 @@ The following table lists the configurable parameters of the Trino chart and the
 | `sidecarContainers` | | `{}` |
 | `securityContext.runAsUser` | | `1000` |
 | `securityContext.runAsGroup` | | `1000` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Control whether a process can gain more privileges than its parent process. | `false` |
+| `containerSecurityContext.capabilities.drop` | List of Linux kernel capabilities that are dropped from every container. You can confirm the options for "capabilities" here: https://man7.org/linux/man-pages/man7/capabilities.7.html Please make sure to remove "CAP_" prefix which the kernel attaches to the names of permissions. | `["ALL"]` |
 | `shareProcessNamespace.coordinator` | | `false` |
 | `shareProcessNamespace.worker` | | `false` |
 | `service.type` | | `"ClusterIP"` |
diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml
index 157de2d0..04c5ee9f 100644
--- a/charts/trino/templates/deployment-coordinator.yaml
+++ b/charts/trino/templates/deployment-coordinator.yaml
@@ -104,6 +104,8 @@ spec:
 - name: {{ .Chart.Name }}-coordinator
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 12 }}
 env:
 {{- toYaml .Values.env | nindent 12 }}
 envFrom:
diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml
index 246b64e1..fd61fe1a 100644
--- a/charts/trino/templates/deployment-worker.yaml
+++ b/charts/trino/templates/deployment-worker.yaml
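Review bot: The container `securityContext` rendered by the new `toYaml .Values.containerSecurityContext` line carries only what the values default provides, and in this diff that is `allowPrivilegeEscalation: false` plus `capabilities.drop: [ALL]`, which are two of the four container-level requirements of the Kubernetes "restricted" Pod Security Standard; `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault` are not set here, and the README hunk shows the pod-level `securityContext` exposing only `runAsUser`/`runAsGroup`, so as far as this diff shows nothing in the chart asserts either. A coordinator pod admitted in a namespace with `restricted` enforcement would therefore still be rejected, and a user overriding `runAsUser` to `0` would not be caught by `runAsNonRoot`. I would extend the `containerSecurityContext` default in values.yaml with `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` (this template picks them up unchanged), or document in the parameter description why they are deliberately left to the operator. The container spec this stanza belongs to starts and continues outside the hunk.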
@@ -80,6 +80,8 @@ spec:
 - name: {{ .Chart.Name }}-worker
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 12 }}
 env:
 {{- toYaml .Values.env | nindent 12 }}
 envFrom:
diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml
index c422d495..155bf999 100644
--- a/charts/trino/values.yaml
+++ b/charts/trino/values.yaml
@@ -218,6 +218,13 @@ securityContext:
 runAsUser: 1000
 runAsGroup: 1000
+# -- SecurityContext configuration for containers
+containerSecurityContext:
+ allowPrivilegeEscalation: false # Control whether a process can gain more privileges than its parent process.
+ capabilities:
+ drop: # List of Linux kernel capabilities that are dropped from every container. You can confirm the options for "capabilities" here: https://man7.org/linux/man-pages/man7/capabilities.7.html Please make sure to remove "CAP_" prefix which the kernel attaches to the names of permissions.
+ - ALL
+
 shareProcessNamespace:
 coordinator: false
 worker: false
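Review bot: The new `securityContext` stanza is attached to the worker's main container only; containers that users add through `sidecarContainers` (listed as a chart parameter in the README hunk) are presumably rendered from another part of this template and, as far as this diff shows, receive no `securityContext` at all, so the "dropped from every container" wording in values.yaml does not hold for them. Either apply the same map to each sidecar entry where they are rendered, or state the limitation in the `sidecarContainers` README row, e.g. `Rendered as given; sidecars do not inherit containerSecurityContext and should set their own securityContext.`. This stanza is byte-identical to the one added to deployment-coordinator.yaml, so a named helper template would keep the two from drifting, but that is optional. The container spec starts and continues outside the hunk.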
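Review bot: The descriptions of `allowPrivilegeEscalation` and `drop` are trailing comments of 100–250 characters on the key line, while the block header uses the helm-docs `# --` marker; if helm-docs generates the README, it only reads `# --` comments on the line above a key, so the nested descriptions will never reach the generated table and the README rows added in this commit will have to be maintained by hand. I would move each description above its key as a `# --` comment and tighten the wording, e.g. above `allowPrivilegeEscalation`: `# -- Forbid the container process from gaining privileges beyond its parent (setuid/file-capability binaries); keep false.` and above `capabilities`: `# -- Linux capabilities removed from the coordinator and worker containers, named without the CAP_ prefix (see capabilities(7)); ["ALL"] leaves the containers with no capabilities.`. The current text also says the capabilities are dropped from "every container", which overstates what the two templates in this diff do, since only the coordinator and worker containers receive the stanza.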