diff --git a/gitea-runner/main.yaml b/gitea-runner/main.yaml
index 603dc33..dcc2fc4 100644
--- a/gitea-runner/main.yaml
+++ b/gitea-runner/main.yaml
@@ -82,6 +82,13 @@ spec:
         image: docker.io/gitea/act_runner:0.2.11-dind-rootless
         imagePullPolicy: IfNotPresent
         name: act-runner
+        securityContext:
+          runAsUser: 1000
+          runAsGroup: 1000
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
         volumeMounts:
         - mountPath: /data
           name: data