Make nova pod run unprivileged
## Summary

Currently there are 3 containers in the nova pod running with `privileged: true` and uid 0. From a security perspective this is not an optimal solution.

### Use cases

* For the sake of smooth security audits, the number of privileged pods should be reduced to the necessary minimum.

## Proposal

Remove the `securityContext` for all containers in the nova pod and find other solutions to run containers without root privilege. Also remove hostPath `/dev` and replace it by device plugins.

If a pod has to run in privileged mode, the technical reason MUST be documented.

To be discussed.

## Specification

A pod MUST NOT run in privileged mode, unless the technical reason is documented.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this issue are to be interpreted *in the spirit of* [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119), even though we're not technically doing protocol design.
issue
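One way to check a Pod manifest against the rule in the Specification, as an added example that is not part of the original issue or the project's code. The annotation key `example.org/privileged-reason`, the pod name and the container names are hypothetical, and the sample manifest is constructed.

```python
# Hypothetical annotation holding the documented technical reason (assumption).
REASON_ANNOTATION = "example.org/privileged-reason"

def audit_pod(pod):
    """Return (subject, finding) tuples for one Pod manifest given as a dict."""
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    reason = (meta.get("annotations") or {}).get(REASON_ANNOTATION, "").strip()
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Privileged mode is only acceptable with a documented reason.
        if sc.get("privileged") is True and not reason:
            findings.append((c["name"], "privileged without documented reason"))
        # Container-level runAsUser overrides the pod-level value.
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            findings.append((c["name"], "runs as uid 0"))
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path", "")
        if path.rstrip("/") == "/dev" or path.startswith("/dev/"):
            findings.append((v["name"], "hostPath " + path))
    return findings

# Constructed sample: three containers, pod-level uid 0, /dev mounted from the host.
SAMPLE_POD = {
    "metadata": {"name": "nova-sample", "annotations": {}},
    "spec": {
        "securityContext": {"runAsUser": 0},
        "containers": [
            {"name": "container-a", "securityContext": {"privileged": True}},
            {"name": "container-b",
             "securityContext": {"privileged": True, "runAsUser": 1000}},
            {"name": "container-c"},
        ],
        "volumes": [{"name": "dev", "hostPath": {"path": "/dev"}}],
    },
}

if __name__ == "__main__":
    for subject, finding in audit_pod(SAMPLE_POD):
        print(subject + ": " + finding)
```

An explicit `runAsUser: 0` is the only uid case flagged; a container with no `runAsUser` at either level falls back to the image's default user, which this check does not inspect.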