Currently the container based deployments (docker/podman) of the F@H client are run with the default set of capabilities and seccomp profile. The F@H client likely does not need all of the default capabilities. The F@H code has not been updated in some time and likely has security vulnerabilities. The client and other components of the F@H system run web ports that are open to attack. Should they be attacked and a breakout occur, updating these settings will help contain the threat.

Update the container based deployments to drop unnecessary capabilities and configure the seccomp profile for enhanced security.