From c13a82a3e61622cbeea2d9f814a1356395343981 Mon Sep 17 00:00:00 2001
From: jackdawm <123431751+jackdawm@users.noreply.github.com>
Date: Wed, 26 Jul 2023 16:51:17 -0400
Subject: [PATCH] Set security_opt to no-new-privileges:true

---
 docker/buildkite/docker-compose.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docker/buildkite/docker-compose.yaml b/docker/buildkite/docker-compose.yaml
index 18a8dc2c95..e335eee3f3 100644
--- a/docker/buildkite/docker-compose.yaml
+++ b/docker/buildkite/docker-compose.yaml
@@ -15,6 +15,8 @@ services:
       - discovery.type=single-node
       - ES_JAVA_OPTS=-Xms256m -Xmx256m
       - xpack.security.enabled=false
+    security_opt:
+      - no-new-privileges:true
 
   cassandra:
     image: cassandra:3.11.9
@@ -22,6 +24,8 @@ services:
       driver: none
     expose:
       - 9042
+    security_opt:
+      - no-new-privileges:true
 
   temporal:
     image: temporaliotest/auto-setup:latest
@@ -44,6 +48,8 @@ services:
       - elasticsearch
     volumes:
       - ./dynamicconfig:/etc/temporal/config/dynamicconfig
+    security_opt:
+      - no-new-privileges:true
 
 
   unit-test-docker-jdk8:
@@ -76,4 +82,4 @@ services:
     environment:
       - "USER=unittest"
     volumes:
-      - "../../:/temporal-java-client"
\ No newline at end of file
+      - "../../:/temporal-java-client"