From 7debaf03ad4f3f61f04a1067953f8a3d57779c4e Mon Sep 17 00:00:00 2001 From: andyzhangx Date: Sat, 8 Apr 2023 09:31:02 +0000 Subject: [PATCH] feat: enable securityContext.seccompProfile --- charts/README.md | 2 +- charts/latest/csi-driver-smb-v0.0.0.tgz | Bin 4315 -> 4342 bytes .../templates/csi-smb-controller.yaml | 8 ++++---- .../templates/csi-smb-node-windows.yaml | 5 ++++- .../templates/csi-smb-node.yaml | 6 +++--- charts/latest/csi-driver-smb/values.yaml | 2 +- deploy/csi-smb-controller.yaml | 3 +++ deploy/csi-smb-node-windows.yaml | 3 +++ deploy/csi-smb-node.yaml | 3 +++ 9 files changed, 22 insertions(+), 10 deletions(-) diff --git a/charts/README.md b/charts/README.md index 86f574ca9b9..492e7b2ce05 100644 --- a/charts/README.md +++ b/charts/README.md @@ -70,7 +70,7 @@ The following table lists the configurable parameters of the latest SMB CSI Driv | `podAnnotations` | collection of annotations to add to all the pods | `{}` | | `podLabels` | collection of labels to add to all the pods | `{}` | | `priorityClassName` | priority class name to be added to pods | `system-cluster-critical` | -| `securityContext` | security context to be added to pods | `{}` | +| `securityContext` | security context to be added to pods | `{ seccompProfile: {type: RuntimeDefault} }` | | `controller.name` | name of driver deployment | `csi-smb-controller` | | `controller.replicas` | replica num of csi-smb-controller | `1` | | `controller.dnsPolicy` | dnsPolicy of driver node daemonset, available values: `Default`, `ClusterFirstWithHostNet`, `ClusterFirst` | | 
diff --git a/charts/latest/csi-driver-smb-v0.0.0.tgz b/charts/latest/csi-driver-smb-v0.0.0.tgz index 3fceeb6261c3a4a6d0a61505417bb96025edd172..aec9f1411fa42f4a2911caaca900d909a53edb3a 100644 GIT binary patch delta 4322 zcmV<85FPK^A@(7VJb!&}+c?tSzx62ycY)ozr}A4~+DAbCXp`(-vD-9=+dVwE912<* z+k8TaT9R_&Oa0vsBqi&Ow&j&ghV)0)e+(lGeIQdGY^e@u4>-B z7Os$ZOro({Xw?znFs8|vM7p8GV-NW_!hEKG#|fp^j1qt5p?9MzCa*aNh@^v*E4k)u zN|XZuUgx_))Q-~ZIB%S@o*uQ2+TC@mDVah9LR@n;gn!LAXH8?(w7|FDe!ZS=!~!th z^~SKkTl8BI$;_H(WJ;2pw)?9kaRl%w@!^f{vm}yA2A>0#;33HqKrhhWClKlDmnf}^ zu&FH2J)sm0A#D=qg<{5%HX49LlA#f%0uULgo9G@#`eq_P{pN_>M{UKAMUpd0fty7| zghMyK=YI;E4p;tE_gi4c;X~|KMOL--0;N_Z$Bd3wyxH~zNk`OiMu26)^~^(rhZKGV z`3Iv(2m^_wNJ%;c85gALvO0SDDDkoIP|raqh(tE(7cjyJl?c5+c!~*CypZw3i-#}K zIZcEF{tMwk{+-Cl-HBhKy&ah?oa1s9{he6g z(SL|UM9w_)I8U{I02F-5czR1R3LL9wEhX!sJD7Q>rEP;V3hlc^#HM^ls3*LYa%8b; zt*EswABd15djO*m_|ikID>m>a5F`{@jp(OV5G&nzaxU%;Y#i-NlnvpBPtn2_jlq_6 zy@5d;HJB}jk|=q|T}-fWRDrlExf0bBy?;OfhLA-9r1msV=||M)Qji|%Ofm0JGVG*x z>?&p*>5APyt0gX7M!#F*ckW3PuzOKbm&_I0^u@g=kxge7Q~T4ocRR)WmXhIZdh;he zZ6TY&;Qib8IF3m)zDPKU#-E~4#{rp!uJkh%<78r6!{14TPPQ8C<6Tr}N0v{gLVuct z<0nG0@OL}}DzpcB@dBNz2*pUYA~^vRvp_g83*O|l>}05B zv4TQb2IX2+@QN_H=7ez~XXg|PO#mX1@H8+~t&vFhluTiv8%RtTmv{_9k>W7&&_v2u zc%4pJ4Fl#2wNUsFOMNjSg(@m;;15AqCCdP#7syCUEg?2*XKkM zA5+DB0Dhus>(~_@BpNG8RmWKzGcFUg9H?ILB+_*-iGU+4P{bn6m_)-F5+Egs#t0*k zk~=rl6o=sq!2=Fs3dmExD^)!7sA#_tpM;9ydfjdh%^gc60lv?|_?oj3QGbivqnyRy zp_?Rq`2sBPTPyjJyGteGfJK)skwH@apL;eK(yJ~CWq9vAzc!^>PSb%a! zo|8r%zNE-?RVX52?8DjPBY$e&fUeiR%I>21T*+XFxvofq=Cc-#<4SCyDAkCd`MiZ( z_Z~}sa&Ta)%2NCPJOLU57i}5unhIWH|GksbUd8@Tk9#Kv`+tt|_}KX?nv&2{Q3q0? 
zfQkdoLNzS@1U&TD&V24Ty4vMKjH5tDGs@~zoTsjRjT!2CkB=@2V1Gm+KrImt+p1a% zx%m_QhT1kLqc+s`9|mzyH9t&&a}oghqFyp0ADtfQOA-!}(TF^tmYWlUDA3nNv^3rv zF^(oc!~DGgS>-a-4KZ`ALg>14A(4;k7C2toOpQugOgeh9N>$U&xcQx|SUkREI#+5h2?+G~74BnlvssIQ0LkW;g1o!B^`RK=OD_4;y4<^%696d*UXw4ykZCJmr9(kZGZ5Uvef_Alh|9Mf~)<1 zuix#Smi>Rfd;IDU|2<1_UDvrIQQ)Bq9qWYYwaAxb&ZOdB^XFesl(K$ZrC0DpWzvOYPTr=F z2l6Z)z0z#a;nx+jEPAF=Ok{UYd03SvlidQIUEE2L4&nrhYYsXt@3hKsQoD@tw)4FUMU_U#>^?Ek zXsLa+8-E4O=e1|6XnX5wOFY(5tR6HfprJhb<5{+9gfJf$hTIH$%blL}TeX|6ng|>O z9E3Rg@#i-e7dMxK!Cx#DDc}IO3u#7veT@bQ84D43kQ}>akA<5pjAxQ3P^=8mwAw+V zS7`@I&yayEJ){Cq^qbA{;eS#d_^IB^p|>m4CO|`7*H})B92E)E z4I|9I1L+2Y7ar$$mCa+60+qC4McjfH>GjJ3SA9}RDh@dK5YgEUWAYb5!C({%w5~kx z8I0zd9ZC)CxdgoJ*PK_7u3J{Q@|MQDFOE%2xoot{l-ktPv*Ah-0!!rCk*HNLdkox| zaesMck8sM;=6e##f*NYmv;IbQRi?d-S*a3 zU5QndEsbRx>Q%#7uUlD^V$&%53h7RlnLxTzXUUQk1u-L$Jp1wI^TE5%msc0pAKqPk zv@N3PR=S1p>h0_8u4iXk*m!5>Y_cp1xPKz0VD4rwfR<+IwmMfEhccQa-L7oEs}NHz zqc(_(n9uB5+RdY6%c80AugbHSGs%2LJ@oPXdK)py!)xW7R%yuDx|PI~5hgU@@NvRH zOc)K!p0B)2q>O)simN~5aFK^ID6#q^0U#I}3RzU#qOm|ECMoE+>N4?f>ZatNTA* zoxFN=$p1e_ab35R?oUsVWCu&8y?+!PI3K(-8$4D60p)OJk+#QDVt;Z2ehv6tl3DT&6P^rI|}svhqs$bYK$u9u%@ z;aIvown%UrgwZw{PX#dAcrAtFvdVi!BFflUCTAVWN}1QC(i5^3Ze}O7C#3Pa#-TFG zn*g8s{LzyEOqG0e{*u!04e;E%UG@%W&K>J_pF^7axzgN~+}hp}-P(k=PjT;_3OV;~ zm8R)`HV3AfCD2!=5HdHtX@8#F@^cmvb0oQB%3fvjavS6W+>Esfu_T$eNH}C$qy!m`{`RnJwhx6Y)U%&bIx4$$?g2ICdtBS>EVThxk zdRxh{{IdgXcmPX--2~66ge-tFJE_WIvLw}dx;oXm=Va&l#1UCiHF7i+W0?UBkt@KBa@b?lKfFKOdCBE`x(tOk|=Si2@1fXlB3 zT$+$(C1kk`aJU@ktbbKh5|H5R$DhkaU9G6GQ}sgZjzPM{c3dH`6h*1hucowZpG>j$ z&YU*asix4JH+KVl;M`5jiSsjyi(7d_eK+WHqZo5L(DML2?sv6(iq)v{UA%gQ2Fum@ z1tyDIRxS=JmiYPn_9+&wbi?Pv%pD0gCNa3RAt(^Ky=~vBN`JS7W(!ca+Op0it5%7Bu44stL!Y?`QRPW;x!&uMP-ME%`fZs)fm3SY%#wbxDGpgw0G;w!sh zgB4s5u2a_afw#N;?WNg>xpi&Wc_dc6O0JUb13%Zh$G_zxlK;`A5&pa5_h8rHzeoM< zNp=56|LAc3|5-`}h|*`u_KE%)f(Pu^J{C`f{MI>{@_*lOu5>RruWI4sOXC&Dd&cid zJ5=qbP1BLz^`L1PZ*2;rn-igX1kuwl;Cn{9YolRi=$k%pxho#tWJmM?4gbCmeeH;a zKMz`MZ0&0v$~xfP-x}U+Kg3+Cwi`NJSNP|Ex-FHz8JK%rTK}X;;(n_W+dIPA#)sq? 
zhfbPt=zlEDIBa)pe814~7KdE70ggLc!Nyg$d;pCPpz+4XW0&E^R;v31jt_wD_Y3H* zUn9O%Fn9Nm6sM=HV{HE4Z*NJU)Aoc#m|8{9ZM6T`=vZuZIob#; zY=~TJ9z`^QEgDS1_9AX2!IC-Hd7u_h*LGsnLVubA;PXwCrT7mYV&6?cpeMzDx<|*a zUe)oR!}mX*rPNZh>Z*C zq9_|&H3#}RPUM7f@-OXL>*u!32m5arh1Ffvw9=)|g$Jo#9%%8ifBMUfjXT8?YSw92 zMSowva+buxL;q;C{^?W#f`7DP)gK`tlIi-MR+<7I>I!3!t(T}piO_%bXZ_WM85(sJ zsMQK|yDb>{6qB$qR|7WMc$E*&+c>8+e2Rr=*w2Q2f+<9Di;+uv^Afe%NIo1 z#$G$L6G5Lb9+0SL6E+^&YM*A%th1j&LR%Jo|J24^H`=!(3P?0=ZuZTMyz*I3cbKwj z48AAB{|8^DR&I5!dHlD@H+7phSLKY-x4pWf+upsQ#U!p6=7Pum+ROK$9Lk{_%GTxI Q0RRC1|KBbxVgP~w01(NICIA2c delta 4295 zcmV;&5IFDlA=@F4Jb!y{+c>uG-})4UJHX8Dt^CTXS3v$~lgw-}lLz8<78jdEKugCq zZzNGeQck?7zx#ruWW8uvekAQ+Okk&uM4rRPdGY*6t;>n+F){^a^I+IHn_wo|GaUGD zc2~OHZuj``Q2pEOcFX^Ed&m7Zy~D%qargMJd(?Z=?HzV|$A527cZYpgT4F9Rd(+*T zS9x%Ml7b`hJ1|aY=%8uO!cnyN)5ik1usq-{Bau+g2A3bv+29j8S0aN(l%ZeaA+Qhx za4W+wQiz*0&z-nNiCc0TwY+D-R(a`tS>g z->Dx5Fc4Vqgrt@0+7YMyYc#4THc_D3w7cbwT zGe716*w2J<@lPTq|Dar4LFt8sPym7vm)}q(9DmgR-{ZqWvn)>l`(lz+lhVNA@H)K2 zlANPgD1CUQM{?ui5VBW39sdSX@EvqyA@oSu0}02MQUJ~gb5N@zf~cj2&S}hC;F`5b zsbwDnB6#|j97v!<{h-^uB*{|-f5gD^wcIFnP_G+Qn)TCGhOsYa*4vWV!ZI1_vT1&{<=mBO9YAM}d)Q9%NB4U%aBTx(8N;uL; zwwBad7f*x>p1y$52wdTy))gJN6YydmT8-!@S`bOud2ufG7HlkKOQa6rr!V0`7q!9` zWxaty9W+=i%O_#{l$jWBVW>QQRWK#8DSvv4JPZL1IS6HGUeb=p+4Vsuy{s}M!=9)9@qHvFfFkN~E27?qtd^OK zuUOPjDE2{`RvEk^jBXgAjELEpkGUcMA&*%S7|Pa&$81Wbu#gSJCzJ_11};f47&&Mn zM8us=rznOVb-8pDE<{587?E+TWq-I6QO}MN)^@}I0+sRTSW&(|TFLl~3kYmiTTI(! 
zL=YGIlKTMMSk_jtD?AA_mOYgNr%^R=KALzttGhKy2yhBL%L2ojDF zMm!;Rrm0B|!x@4n97H}KNB&)^;-F_q`vd>NWfa%zc6(@URV&StJWOf-FMlA2RNkj^ zb^ZBb&=yZ(`#t8W{NKUhL23VgbkyJP|6iqio`6c|4K6>XNj<{RIFUdPBA?DcX|Phj zMCRL;^_e1f0`5b(wN_DqMaljupuczKbIVfIE}kMBddizg zt&@IU{&p2+r0P9C+sK0v2?4cuFl@_eEo5hJ)DESsQ6{CR?ca6AS%22No&saU1N2n} znW2l057bW*4C2v3c~BTf5${ZURsaHfSl}$pEoDAc@JvWTZBCL}Dw@+(O+lWt6(n^1*ee<4cHT_P z=N6AZ<@2*Fx|w_WUiTo48}BI+4LTIePVQfP-4Cvh*yM&oZ+-T-1PNA$MQPd4G*$Ox;4{a+lc@7ZRFlERC9r zyd5Y+AZBBb1uj~yJ3{(`{X%(ZAb`eo)XGn2gfDqDHzmEM1?NjU@ z&F7VOb+nyTwFMrlm{Cod&!J&|cE_`*LkM9u&P}c@PTkO{U@_z?LpUuDP|H;^fWkYZ z0U`&ew2Ec!1L670AYKC z4$*g{{wn zG|=Y)%&}W_t|493tYYO2m3dbjo2YV8X_pDLuBleT79;=~i_-&Msh|;EJEBaSn&XLL zZ!-kA*ilVwdfH!0uZpxcQL7rok!88oZJ<_#-oA=f@nG0Qm83)7sRC69R)ttr*-%+F zp?_XhjMcK0MkywVGJ8mSx=aO~RGeKtAK3=nHPO3EIYy|Fg8DZkb3_ed7@Co%jeZnRy z6Ct8spkyi#inQfgG68CArgw5zNw9woKAsK0rJ=_ibkHr-NqoZMb+7n30!FB3ZoD-5 z%8S1_1dBuRZJaOhyJGh_;XacraYzo`3ZC z4I47!z#xdkOdWH4o>y8_dupg&+C!JtH=m&>WB1jemKz(>KsjfT<^NXZe-o3r&5eLn z_(`&orD66V!jsec982sbg4 z+7Z&U9EVWmasfi55!^Z$lRE1EV(3CC8JR_>4a5I4=Wf{sKwt4wf$u)Y`C2*7QetIi zSx%)bo98#T-v^&LcT&>Sf7VAOnq^Px_m8PXTsO;^4%K`Kvw>Rhnn{(M$&x(Vaeba`$C~PTNy=JMCCs?mRV^xZ2yG+u>eo#h9BRUVGeWx8Cw4 zyiw^BRMiR%+|_Calg2Hz&Y{M|&*yh9;kc61eor%d#O;VgU{|IfN9gXZeJ3m3<(e%J zy>iPc3#s{=@R03FP2M6g0S-zXIKm7N7sU6|T!ok1)d(Ui$bXRdM9kjF7PB82pqPVK zB1S`hCY_?XTSPsO-Z7yl9}PiZl-zSkuN|EYJ|We;#`7wvY%#gj=Cw1tJ~uth<#y|a zB^w}|D}-=Dx$bn)9IYpjO{H;7W+lfB-atgZKkYNGHuF7;M7 z*+Jc>-@GcCVSk;LKPOCOhpQ8BHv60RW-aDM->~&e)NCc|dUwsv)Y0MMZL~)C-fJ0-hB|1`lp_Gg}pmqPxkoOJms+$-A&&L>+~nZ3RO z@krT2;mn-*wplXs+g>y)f`Cn7RDC0ChahU=o2qDMu7Bs1x9BVSBc=k3D6F2J@A?AP zwh(EP6Owy?^v`_>WJ`GTbpTAQYv1yc#vTIw-XKu(rN&CN?Eu57z`q9iX{h|&AfKx; zy+=)Qxf|W!+!E>3HYD4Gc9KnKXXz$%vumWgMH4r;^tK6>*x3k4ESu#$j=0AW*S;>d z3`#Uo-G3#PxX1YZycpkVAMw57d)tSksQ#MVE8l*rxK*Q*VKl;HtpA^PJ`zu5atRF= z2aAhcP;Hd`SnHZx*&VHgA2m#7uOCG;%49cKgw4CSQ4f}^!PXPCKtDF?){>CsTV6r@ zj=zcbS1L>KA2!6Uoq#|uivM&E4$JqydMEvZ{eSnLU!_z`K=FHL%A6=2EngH}+zcHQ 
zn$)8~D?X>TOK9jN`kQ6tciGeD=hP;aK@_Qjb!(vB<5)~6BmYsxy?Sp~e;4hR`cOYq zMJsW>HarQreev@jB2!;(Ydk0x`#MsvW&HOGqjAI?^siRy-&QFk`By8FFZ;4D`?7KQZvX%Q|No-X11|u4005fARL%eZ diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml index e563c0a1d3b..00d1d96c481 100755 --- a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml @@ -39,7 +39,10 @@ spec: {{- if .Values.controller.runOnControlPlane}} node-role.kubernetes.io/control-plane: "" {{- end}} - priorityClassName: system-cluster-critical + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} @@ -131,6 +134,3 @@ spec: emptyDir: {} - name: tmp-dir emptyDir: {} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml index d2dafacce19..b033b151c97 100755 --- a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml @@ -31,7 +31,10 @@ spec: affinity: {{ toYaml . | indent 8 }} {{- end }} - priorityClassName: system-node-critical + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} serviceAccountName: {{ .Values.serviceAccount.node }} {{- include "smb.pullSecrets" . | indent 6 }} containers: diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml index 3fc4eebf530..13e8ef72797 100755 
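Review bot: Replacing the literal `priorityClassName: system-node-critical` with `{{ .Values.priorityClassName | quote }}` changes the default priority of the Windows node DaemonSet. The values.yaml hunk header in this patch shows the chart default as `system-cluster-critical`. That is the lower of the two built-in critical classes, so a default Helm install now schedules the Windows node plugin below where the static manifest deploy/csi-smb-node-windows.yaml keeps it. The commit subject only mentions seccomp, so if this is intentional it should be stated in the description. Otherwise keep the literal `priorityClassName: system-node-critical` here or add a node-specific value.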
--- a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml @@ -38,6 +38,9 @@ spec: {{ toYaml . | indent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} {{- with .Values.linux.tolerations }} tolerations: {{ toYaml . | indent 8 }} @@ -148,7 +151,4 @@ spec: path: {{ .Values.linux.kubelet }}/plugins_registry/ type: DirectoryOrCreate name: registration-dir - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} {{- end -}} diff --git a/charts/latest/csi-driver-smb/values.yaml b/charts/latest/csi-driver-smb/values.yaml index 2d9d6c978d7..a28fd97545a 100755 --- a/charts/latest/csi-driver-smb/values.yaml +++ b/charts/latest/csi-driver-smb/values.yaml @@ -150,4 +150,4 @@ priorityClassName: system-cluster-critical ## Security context give the opportunity to run container as nonroot by setting a securityContext ## by example : ## securityContext: { runAsUser: 1001 } -securityContext: {} +securityContext: { seccompProfile: {type: RuntimeDefault} } diff --git a/deploy/csi-smb-controller.yaml b/deploy/csi-smb-controller.yaml index 1b9008beda9..d8bc2a1ed4d 100644 --- a/deploy/csi-smb-controller.yaml +++ b/deploy/csi-smb-controller.yaml @@ -19,6 +19,9 @@ spec: nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" diff --git a/deploy/csi-smb-node-windows.yaml b/deploy/csi-smb-node-windows.yaml index cf486448176..71c34d91db5 100644 --- a/deploy/csi-smb-node-windows.yaml +++ b/deploy/csi-smb-node-windows.yaml 
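Review bot: A pod-level `seccompProfile` is not applied to privileged containers, which always run unconfined, so the `securityContext` block added after `priorityClassName` may leave the main driver container unfiltered. The container specs are outside this hunk, so whether any container in this DaemonSet is privileged is unconfirmed. It is worth checking each container's own `securityContext` and recording the actual coverage in a template comment, e.g. `{{- /* RuntimeDefault covers non-privileged containers only */}}`. The same caveat applies to the block added in deploy/csi-smb-node.yaml.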
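Review bot: The comment above `securityContext` still presents the value only as a way to run as non-root, and nothing tells users how to opt out of the new non-empty default. Helm merges user values into chart defaults map by map, so an override of `securityContext: {}` should not remove the profile; the key has to be nulled, e.g. `securityContext: { seccompProfile: null }`. I would add a comment line such as `## pod-level; rendered into the controller and both node workloads. To disable the default profile set seccompProfile: null`. Writing the default in block style would also read and diff better than the nested flow mapping.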
@@ -24,6 +24,9 @@ spec: nodeSelector: kubernetes.io/os: windows priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault serviceAccountName: csi-smb-node-sa containers: - name: liveness-probe diff --git a/deploy/csi-smb-node.yaml b/deploy/csi-smb-node.yaml index e5a1cd0108b..055a2c340b8 100644 --- a/deploy/csi-smb-node.yaml +++ b/deploy/csi-smb-node.yaml @@ -23,6 +23,9 @@ spec: nodeSelector: kubernetes.io/os: linux priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - operator: "Exists" containers:
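Review bot: `seccompProfile` is a Linux-only field, so the three lines added under `securityContext:` give this Windows DaemonSet no syscall filtering. Kubernetes also documents it as a field that must be unset when the pod declares `os.name: windows`; the rest of the pod spec is outside this hunk, so whether that applies here is unconfirmed. Consider dropping the block from this manifest, or at least marking it with `# seccomp is Linux-only; no effect on Windows nodes` so readers do not assume the pod is confined. The chart template csi-smb-node-windows.yaml has the same problem in a broader form, because it now renders the shared `.Values.securityContext` and so passes every Linux-only setting in that value to Windows pods.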