diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 94aae13165..f0708ef7b8 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -210,8 +210,7 @@ spec:
 image: {{ .Values.images.tags.tf_compute_init }}
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- runAsUser: {{ .Values.pod.user.nova.uid }}
+{{ dict "envAll" $envAll "application" "nova" "container" "tungstenfabric_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 volumeMounts:
 - name: tf-plugin-shared
 mountPath: /opt/plugin
diff --git a/nova/values.yaml b/nova/values.yaml
index 1462cb5fe4..768e8abefe 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -2346,6 +2346,9 @@ pod:
 nova_compute_init:
 readOnlyRootFilesystem: true
 runAsUser: 0
+ tungstenfabric_compute_init:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 ceph_perms:
 readOnlyRootFilesystem: true
 runAsUser: 0
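Review bot: The container-level `runAsUser: {{ .Values.pod.user.nova.uid }}` is dropped in the daemonset-compute.yaml hunk, and the `tungstenfabric_compute_init` entry added in the values.yaml hunk does not set `runAsUser`, so this init container now takes its user from the pod-level security context or, failing that, from the image default. The pod-level context is outside the hunk; if it does not pin a uid, the container may start as whatever user the image declares, which can be root. Either add an explicit `runAsUser:` to the new values entry (the literal uid is not shown on this page) or add `runAsNonRoot: true` there so the kubelet refuses to start the container as uid 0.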
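Review bot: `readOnlyRootFilesystem: true` on the new `tungstenfabric_compute_init` entry in values.yaml only holds up if every path the init container writes to is a mounted volume; the template hunk shows one mount, `/opt/plugin`, and the rest of the container spec is outside the diff. If the init step also writes to a scratch path on the root filesystem it will fail at start-up, so confirm that before merge and add a short comment above the entry naming the writable mount. The entry could also carry `capabilities:` with `drop: [ALL]`, presumably safe for a copy-only init step, but that needs checking against the image.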