Update magic catalog for psa changes (#2842)

Signed-off-by: perdasilva <perdasilva@redhat.com>

Author: perdasilva

test/e2e/magic_catalog.go

@@ -11,6 +11,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/utils/pointer"
 	k8scontrollerclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -259,15 +260,18 @@ func (c *MagicCatalog) makeCatalogSourcePod() *corev1.Pod {
 		volumeMountName string = "fbc-catalog"
 	)
 
-	readOnlyRootFilesystem := false
-
 	return &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      c.podName,
 			Namespace: c.namespace,
 			Labels:    c.makeCatalogSourcePodLabels(),
 		},
 		Spec: corev1.PodSpec{
+			SecurityContext: &corev1.PodSecurityContext{
+				SeccompProfile: &corev1.SeccompProfile{
+					Type: corev1.SeccompProfileTypeRuntimeDefault,
+				},
+			},
 			Containers: []corev1.Container{
 				{
 					Name:    "catalog",
@@ -304,7 +308,13 @@ func (c *MagicCatalog) makeCatalogSourcePod() *corev1.Pod {
 						},
 					},
 					SecurityContext: &corev1.SecurityContext{
-						ReadOnlyRootFilesystem: &readOnlyRootFilesystem,
+						ReadOnlyRootFilesystem:   pointer.Bool(false),
+						AllowPrivilegeEscalation: pointer.Bool(false),
+						Capabilities: &corev1.Capabilities{
+							Drop: []corev1.Capability{"ALL"},
+						},
+						RunAsNonRoot: pointer.Bool(true),
+						RunAsUser:    pointer.Int64(1001),
 					},
 					ImagePullPolicy:          corev1.PullAlways,
 					TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,