From 4376ee1d390368d1ea0ab4e8bfb3356c11e18e7d Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Fri, 9 Jan 2026 14:42:22 +0200
Subject: Add SETGID and SETUID capabilities to git-server

SSH privilege separation requires setgroups() and setuid() syscalls.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 f3s/git-server/helm-chart/templates/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index 6f38d88..2223d14 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -52,7 +52,7 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["ALL"]
-            add: ["SYS_CHROOT"]
+            add: ["SYS_CHROOT", "SETGID", "SETUID"]
         resources:
           requests:
             cpu: 50m
-- 
cgit v1.2.3