diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
index 162c50a9..1a9eb0e5 100644
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -185,6 +185,33 @@ nubusUmcServer:
 runAsNonRoot: false
 seLinuxOptions:
 {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
+ containerSecurityContextSssd:
+ enabled: true
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - "ALL"
+ add:
+ - "DAC_OVERRIDE"
+ - "SETGID"
+ - "AUDIT_WRITE"
+ - "SETUID"
+ - "CHOWN"
+ - "SETPCAP"
+ - "FOWNER"
+ - "FSETID"
+ - "KILL"
+ - "MKNOD"
+ - "NET_BIND_SERVICE"
+ - "SYS_CHROOT"
+ runAsUser: 0
+ runAsGroup: 0
+ seccompProfile:
+ type: "RuntimeDefault"
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
 imagePullSecrets:
 {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 proxy:
diff --git a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
index 69d8263c..4b8da67d 100644
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -90,7 +90,6 @@ securityContext:
 - "SETUID"
 - "SETPCAP"
 - "NET_BIND_SERVICE"
- - "NET_RAW"
 - "SYS_CHROOT"
 privileged: false
 seccompProfile:
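Review bot: In the first hunk (values-opendesk-customization.yaml.gotmpl), the `add:` list under `containerSecurityContextSssd.capabilities` hands back twelve capabilities immediately after `drop: ["ALL"]`, so combined with `runAsUser: 0` and `allowPrivilegeEscalation: true` the sssd container runs as root with most of a container runtime's usual default set, and nothing in the block says which of them sssd actually needs. Entries such as `MKNOD`, `SETPCAP`, `SYS_CHROOT` and `NET_BIND_SERVICE` look like candidates to drop unless the sidecar is shown to need them; that cannot be decided from the hunk, so it should be verified against the running container rather than assumed. Unless sssd relies on a setuid or file-capability helper, `allowPrivilegeEscalation: false` is the safer default here. Whatever remains should carry a comment above the block, for example `# sssd sidecar runs as root; capabilities kept: <list> because <reason>`, so that the exception is reviewable later. The enclosing `nubusUmcServer:` mapping starts and ends outside the hunk.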