Add restrictive security context to registry pod and init containers

Fixes #7039

Signed-off-by: Tiger Kaovilai <passawit.kaovilai@gmail.com>

Author: kaovilai

internal/olm/operator/registry/fbcindex/fbc_registry_pod.go

@@ -148,15 +148,22 @@ func (f *FBCRegistryPod) Create(ctx context.Context, cfg *operator.Configuration
 			},
 		}
 
-		// Update the Registry Pod container security context to be restrictive
-		f.pod.Spec.Containers[0].SecurityContext = &corev1.SecurityContext{
+		restrictedSecurityContext := &corev1.SecurityContext{
 			Privileged:               pointer.To(false),
 			ReadOnlyRootFilesystem:   pointer.To(false),
 			AllowPrivilegeEscalation: pointer.To(false),
 			Capabilities: &corev1.Capabilities{
 				Drop: []corev1.Capability{"ALL"},
 			},
 		}
+
+		// Update the Registry Pod container security context to be restrictive
+		f.pod.Spec.Containers[0].SecurityContext = restrictedSecurityContext
+
+		// Update all init containers with the same restrictive security context
+		for i := range f.pod.Spec.InitContainers {
+			f.pod.Spec.InitContainers[i].SecurityContext = restrictedSecurityContext
+		}
 	}
 
 	if f.ImagePullPolicy == "" {