Add SETGID and SETUID capabilities to git-server

SSH privilege separation requires setgroups() and setuid() syscalls. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
author: Paul Buetow <paul@buetow.org> 2026-01-09 14:42:22 +0200
committer: Paul Buetow <paul@buetow.org> 2026-01-09 19:40:51 +0200
commit: 17be526604eb841052e4d347d3ee05043841fa95 (patch)
tree: 2cca816986eeed8286ec13c079349bf427791aec
parent: 723ebbc6ee9a33462a64bad622f5fbf98353555e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index 6f38d88..2223d14 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -52,7 +52,7 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["ALL"]
-            add: ["SYS_CHROOT"]
+            add: ["SYS_CHROOT", "SETGID", "SETUID"]
         resources:
           requests:
             cpu: 50m
author	Paul Buetow <paul@buetow.org>	2026-01-09 14:42:22 +0200
committer	Paul Buetow <paul@buetow.org>	2026-01-09 19:40:51 +0200
commit	17be526604eb841052e4d347d3ee05043841fa95 (patch)
tree	2cca816986eeed8286ec13c079349bf427791aec
parent	723ebbc6ee9a33462a64bad622f5fbf98353555e (diff)