From 4d9bd9af770dc6880dcef2ddc48c94c760e925ff Mon Sep 17 00:00:00 2001
From: Klaas Sangers <klaas.sangers@axtion.nl>
Date: Thu, 25 Apr 2024 08:26:47 +0200
Subject: [PATCH] Improve container security

- Add security context capabilities with drop all in `charts/mailpit/values.yaml`
- Add seccompProfile to container security context in `charts/mailpit/values.yaml`
---
 charts/mailpit/Chart.yaml  | 4 ++--
 charts/mailpit/values.yaml | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/charts/mailpit/Chart.yaml b/charts/mailpit/Chart.yaml
index 59f472e..c03c33e 100644
--- a/charts/mailpit/Chart.yaml
+++ b/charts/mailpit/Chart.yaml
@@ -3,8 +3,8 @@ name: mailpit
 description: An email and SMTP testing tool with API for developers
 icon: https://raw.githubusercontent.com/axllent/mailpit/develop/server/ui/mailpit.svg
 type: application
-version: 0.17.1
-appVersion: 1.17.1
+version: 0.17.2
+appVersion: 1.17.2
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
diff --git a/charts/mailpit/values.yaml b/charts/mailpit/values.yaml
index 7c27772..f854ebd 100644
--- a/charts/mailpit/values.yaml
+++ b/charts/mailpit/values.yaml
@@ -84,10 +84,15 @@ podSecurityContext:
 ##
 containerSecurityContext:
   allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
   runAsUser: 1001
   runAsGroup: 1001
   runAsNonRoot: true
   readOnlyRootFilesystem: true
+  seccompProfile:
+    type: RuntimeDefault
 
 ## @param replicaCount Number of replicas to deploy
 ##