diff --git a/charts/maas/templates/statefulset-rack.yaml b/charts/maas/templates/statefulset-rack.yaml
index 1c99ffc..60d0920 100644
--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@@ -75,7 +75,14 @@ spec:
 command:
 - /tmp/start.sh
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - 'DAC_READ_SEARCH'
+ - 'NET_ADMIN'
+ - 'SYS_ADMIN'
+ - 'SYS_PTRACE'
+ - 'SYS_RESOURCE'
+ - 'SYS_TIME'
 readinessProbe:
 initialDelaySeconds: 60
 periodSeconds: 300
diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml
index a165118..9aafd17 100644
--- a/charts/maas/templates/statefulset-region.yaml
+++ b/charts/maas/templates/statefulset-region.yaml
@@ -65,7 +65,14 @@ spec:
 tcpSocket:
 port: {{ tuple "maas_region" "podport" "region_api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - 'SYS_ADMIN'
+ - 'NET_ADMIN'
+ - 'SYS_PTRACE'
+ - 'SYS_TIME'
+ - 'SYS_RESOURCE'
+ - 'DAC_READ_SEARCH'
 command:
 - /tmp/start.sh
 volumeMounts:
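Review bot: The capability list added under `securityContext` in statefulset-rack.yaml (and the same set in statefulset-region.yaml) still grants `SYS_ADMIN`, which together with `SYS_PTRACE` and `DAC_READ_SEARCH` leaves the container with most of the kernel-level reach that `privileged: true` gave it. The change mainly removes host device access and, typically, the unconfined seccomp/AppArmor state, rather than limiting what a compromised process inside the pod can do. There is no `drop:` entry, so the runtime's default capabilities are kept on top of the six added ones; if `/tmp/start.sh` is confirmed to work without them, a `drop:` list containing `- 'ALL'` ahead of `add:` would make the listed six the complete grant. A per-entry comment above each item, in the form `# SYS_ADMIN: <reason this pod needs it>`, would let a later reviewer remove the ones that turn out to be unnecessary.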
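Review bot: The six capabilities added in statefulset-region.yaml are the same set as in statefulset-rack.yaml but listed in a different order, which makes it harder to confirm by eye that both pods receive identical privileges. Listing them alphabetically here as well (`DAC_READ_SEARCH`, `NET_ADMIN`, `SYS_ADMIN`, `SYS_PTRACE`, `SYS_RESOURCE`, `SYS_TIME`) keeps the two templates directly comparable, and rendering one shared list from chart values into both templates would stop them drifting apart. Whether the region controller needs every capability the rack controller does is not visible from this hunk and is worth checking before the lists are kept identical.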