fix: change agent to run as same user in dockerfile (#3243)

Signed-off-by: Austin Abro <[email protected]>

Author: AustinAbro321

Dockerfile

@@ -4,6 +4,6 @@ ARG TARGETARCH
 # 65532 is the UID of the `nonroot` user in chainguard/static.  See: https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/overview/#users
 USER 65532:65532
 
-COPY --chown=65532:65532 "build/zarf-linux-$TARGETARCH" /zarf
+COPY --chown=65532:65532 --chmod=0700 "build/zarf-linux-$TARGETARCH" /zarf
 
 CMD ["/zarf", "internal", "agent", "--log-level=debug", "--log-format=text", "--no-log-file"]

packages/zarf-agent/manifests/deployment.yaml

@@ -23,9 +23,9 @@ spec:
       serviceAccountName: zarf
       # Security context to comply with restricted PSS
       securityContext:
-        runAsUser: 1000
-        fsGroup: 2000
-        runAsGroup: 2000
+        runAsUser: 65532
+        fsGroup: 65532
+        runAsGroup: 65532
         seccompProfile:
           type: "RuntimeDefault"
       containers: