gistfile1.txt

$ cat concourse-scc.yml
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  name: concourse
allowPrivilegedContainer: true
defaultAddCapabilities:
  - "SYS_ADMIN"
  - "DAC_OVERRIDE"
  - "DAC_READ_SEARCH"
  - "KILL"
  - "NET_ADMIN"
  - "SETGID"
  - "SETPCAP"
  - "SETUID"
  - "SYS_CHROOT"
  - "SYS_PTRACE"
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny