From d0a42df005112ab45792cf5e281a70b20eb8fd97 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Thu, 12 Sep 2024 13:54:22 -0500
Subject: [PATCH] Setup seccompProfile per recommendation from trivy
Signed-off-by: Pat Riehecky
---
 deploy/chart/local-path-provisioner/values.yaml | 6 +++---
 deploy/local-path-storage.yaml | 3 +++
 deploy/provisioner.yaml | 3 +++
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/deploy/chart/local-path-provisioner/values.yaml b/deploy/chart/local-path-provisioner/values.yaml
index 674ffa23..b0651af2 100644
--- a/deploy/chart/local-path-provisioner/values.yaml
+++ b/deploy/chart/local-path-provisioner/values.yaml
@@ -97,10 +97,10 @@ podAnnotations: {}
 podSecurityContext: {}
 # runAsNonRoot: true
-securityContext: {}
+securityContext:
+ seccompProfile:
+ type: RuntimeDefault
 # allowPrivilegeEscalation: false
- # seccompProfile:
- # type: RuntimeDefault
 # capabilities:
 # drop: ["ALL"]
 # runAsUser: 65534
diff --git a/deploy/local-path-storage.yaml b/deploy/local-path-storage.yaml
index d384314a..20be7480 100644
--- a/deploy/local-path-storage.yaml
+++ b/deploy/local-path-storage.yaml
@@ -106,6 +106,9 @@ spec:
 fieldPath: metadata.namespace
 - name: CONFIG_MOUNT_PATH
 value: /etc/config/
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefau
 volumes:
 - name: config-volume
 configMap:
diff --git a/deploy/provisioner.yaml b/deploy/provisioner.yaml
index dfe6e9ef..b1b23cc8 100644
--- a/deploy/provisioner.yaml
+++ b/deploy/provisioner.yaml
@@ -32,6 +32,9 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
 - name: config-volume
 configMap:
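Review bot: The new default under `securityContext:` in values.yaml sets only `seccompProfile`, while `allowPrivilegeEscalation: false` and the `capabilities` drop of `["ALL"]` stay commented out directly below it; the `securityContext` blocks added in deploy/local-path-storage.yaml and deploy/provisioner.yaml likewise set only the seccomp profile. Seccomp narrows the syscall surface but does not stop a process from gaining privileges through setuid binaries or from using the runtime's default capability set. If the provisioner container runs correctly without them, consider enabling those two settings in the same change. Otherwise add a comment such as `# seccompProfile is enabled by default; the commented settings below are optional hardening` so chart users can tell which lines are active.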
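Review bot: The added line in deploy/local-path-storage.yaml reads `type: RuntimeDefau`, which is not a seccomp profile type Kubernetes accepts (`RuntimeDefault`, `Localhost`, `Unconfined`), so as shown the manifest is expected to fail validation instead of deploying with the intended profile. It should read `type: RuntimeDefault`, matching the other two files in this commit. A server-side dry run or schema check of the manifests under deploy/ in CI, for example `kubectl apply --dry-run=server -f deploy/local-path-storage.yaml`, would catch this class of typo before merge. The hunk shows only part of the spec and its indentation is lost on this page, so whether the block sits at container or pod level could not be confirmed.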