From a7ea701cc65ab230d269e4f6b91b39a03c126fad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Wed, 2 Oct 2024 12:03:19 +0200
Subject: [PATCH] fix(collabora): Reduce Collabora's securityContext
 capabilities.

---
 helmfile/apps/collabora/values.yaml.gotmpl | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/helmfile/apps/collabora/values.yaml.gotmpl b/helmfile/apps/collabora/values.yaml.gotmpl
index 30a23ab1..fcd32167 100644
--- a/helmfile/apps/collabora/values.yaml.gotmpl
+++ b/helmfile/apps/collabora/values.yaml.gotmpl
@@ -118,17 +118,9 @@ securityContext:
       - "ALL"
     add:
       - "CHOWN"
-      - "DAC_OVERRIDE"
       - "FOWNER"
-      - "FSETID"
-      - "KILL"
-      - "SETGID"
-      - "SETUID"
-      - "SETPCAP"
-      - "NET_BIND_SERVICE"
-      - "NET_RAW"
       - "SYS_CHROOT"
-      - "MKNOD"
+
   seLinuxOptions:
     {{ .Values.seLinuxOptions.collabora | toYaml | nindent 4 }}
 serviceAccount: