arangodb
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/apis/deployment/v1/server_group_security_context_spec.go
Lines changed: 9 additions & 0 deletions b/‎pkg/apis/deployment/v1/server_group_security_context_spec.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎pkg/apis/deployment/v1/server_group_security_context_spec_test.go
Lines changed: 45 additions & 1 deletion b/‎pkg/apis/deployment/v1/server_group_security_context_spec_test.go
Lines changed: 45 additions & 1 deletion
diff --git a/‎pkg/apis/deployment/v2alpha1/server_group_security_context_spec.go
Lines changed: 9 additions & 0 deletions b/‎pkg/apis/deployment/v2alpha1/server_group_security_context_spec.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎pkg/apis/deployment/v2alpha1/server_group_security_context_spec_test.go
Lines changed: 45 additions & 1 deletion b/‎pkg/apis/deployment/v2alpha1/server_group_security_context_spec_test.go
Lines changed: 45 additions & 1 deletion
@@ -20,6 +20,7 @@
 - (Maintenance) Update Go to 1.22.2
 - (Feature) Object Checksum
 - (Bugfix) Use Rendered Spec in case of scheduling compare
+- (Bugfix) Pass SecurityContext Pod Settings for SELinux and Seccomp
 
 ## [1.2.39](https://github.com/arangodb/kube-arangodb/tree/1.2.39) (2024-03-11)
 - (Feature) Extract Scheduler API
 
@@ -116,6 +116,15 @@ func (s *ServerGroupSpecSecurityContext) NewPodSecurityContext(secured bool) *co
 		}
 	}
 
+	if s != nil {
+		if psc == nil {
+			psc = &core.PodSecurityContext{}
+		}
+
+		psc.SeccompProfile = s.SeccompProfile.DeepCopy()
+		psc.SELinuxOptions = s.SELinuxOptions.DeepCopy()
+	}
+
 	if s != nil && len(s.Sysctls) > 0 {
 		var sysctls []core.Sysctl
 		for k, v := range s.Sysctls {
 
@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2016-2023 ArangoDB GmbH, Cologne, Germany
+// Copyright 2016-2024 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -101,6 +101,28 @@ func TestServerGroupSpecSecurityContext_NewPodSecurityContext(t *testing.T) {
 				},
 			},
 		},
+		"pass seccompProfile opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+			secured: false,
+			want: &core.PodSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+		},
+		"pass seLinuxOptions opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+			secured: false,
+			want: &core.PodSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+		},
 	}
 
 	for testName, testCase := range testCases {
@@ -225,6 +247,28 @@ func TestServerGroupSpecSecurityContext_NewSecurityContext(t *testing.T) {
 				RunAsUser:              util.NewType[int64](3001),
 			},
 		},
+		"pass seccompProfile opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+			secured: false,
+			want: &core.SecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+		},
+		"pass seLinuxOptions opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+			secured: false,
+			want: &core.SecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+		},
 	}
 
 	for testName, testCase := range tests {
 
@@ -116,6 +116,15 @@ func (s *ServerGroupSpecSecurityContext) NewPodSecurityContext(secured bool) *co
 		}
 	}
 
+	if s != nil {
+		if psc == nil {
+			psc = &core.PodSecurityContext{}
+		}
+
+		psc.SeccompProfile = s.SeccompProfile.DeepCopy()
+		psc.SELinuxOptions = s.SELinuxOptions.DeepCopy()
+	}
+
 	if s != nil && len(s.Sysctls) > 0 {
 		var sysctls []core.Sysctl
 		for k, v := range s.Sysctls {
 
@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2016-2023 ArangoDB GmbH, Cologne, Germany
+// Copyright 2016-2024 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -101,6 +101,28 @@ func TestServerGroupSpecSecurityContext_NewPodSecurityContext(t *testing.T) {
 				},
 			},
 		},
+		"pass seccompProfile opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+			secured: false,
+			want: &core.PodSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+		},
+		"pass seLinuxOptions opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+			secured: false,
+			want: &core.PodSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+		},
 	}
 
 	for testName, testCase := range testCases {
@@ -225,6 +247,28 @@ func TestServerGroupSpecSecurityContext_NewSecurityContext(t *testing.T) {
 				RunAsUser:              util.NewType[int64](3001),
 			},
 		},
+		"pass seccompProfile opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+			secured: false,
+			want: &core.SecurityContext{
+				SeccompProfile: &core.SeccompProfile{
+					Type: core.SeccompProfileTypeRuntimeDefault,
+				},
+			},
+		},
+		"pass seLinuxOptions opts": {
+			sc: &ServerGroupSpecSecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+			secured: false,
+			want: &core.SecurityContext{
+				SELinuxOptions: &core.SELinuxOptions{Type: "test"},
+			},
+		},
 	}
 
 	for testName, testCase := range tests {