diff --git a/modules/nextflow/src/main/groovy/nextflow/k8s/model/PodSecurityContext.groovy b/modules/nextflow/src/main/groovy/nextflow/k8s/model/PodSecurityContext.groovy
index 2e8b6d4fb2..db6663eec6 100644
--- a/modules/nextflow/src/main/groovy/nextflow/k8s/model/PodSecurityContext.groovy
+++ b/modules/nextflow/src/main/groovy/nextflow/k8s/model/PodSecurityContext.groovy
@@ -36,12 +36,16 @@ class PodSecurityContext {
 private Map spec
 PodSecurityContext(def user) {
- spec = [runAsUser: user]
+ spec = [runAsUser: user, seccompProfile: [ type: "RuntimeDefault"], runAsNonRoot : true]
 }
 PodSecurityContext(Map ctx) {
 assert ctx
 spec = ctx
+ if( ! spec.runAsNonRoot )
+ spec.runAsNonRoot = true
+ if( ! spec.seccompProfile )
+ spec.seccompProfile = [type: "RuntimeDefault"]
 }
 Map toSpec() { spec }
diff --git a/packing.gradle b/packing.gradle
index a2f1dee2bb..04a4ee9134 100644
--- a/packing.gradle
+++ b/packing.gradle
@@ -298,6 +298,7 @@ task dockerPack(type: Exec, dependsOn: ['packOne']) {
 COPY entry.sh /usr/local/bin/entry.sh
 COPY dist/docker /usr/local/bin/docker
 ENV NXF_HOME=/.nextflow
+ ENV NXF_ENABLE_FS_SYNC=true
 RUN chmod +x /usr/local/bin/nextflow /usr/local/bin/entry.sh
 RUN nextflow info && chown -R 1000:1000 /.nextflow
 ENTRYPOINT ["/usr/local/bin/entry.sh"]
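Review bot: In `PodSecurityContext(Map ctx)` the test `if( ! spec.runAsNonRoot )` relies on Groovy truth, so an explicit `runAsNonRoot: false` is treated like a missing key and silently rewritten to `true`. If enforcement is intended, say so in a comment and log the override; otherwise test for presence with `if( !spec.containsKey('runAsNonRoot') ) spec.runAsNonRoot = true`. Because `spec = ctx` keeps the caller's map, the added assignments also mutate the object that was passed in; `spec = new LinkedHashMap(ctx)` before applying the defaults would avoid that. In the `def user` constructor `runAsNonRoot : true` is now paired with whatever `user` holds, and a value of 0 would presumably leave the pod unable to start, so rejecting it there with a clear error would surface the conflict earlier.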
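Review bot: The added `ENV NXF_ENABLE_FS_SYNC=true` line has no explanation of why the image needs it, and the other hunk in this commit does not refer to it. A Dockerfile comment above it, such as `# <reason FS sync is enabled in the container image>`, would show whether it is tied to the security-context change. The visible lines run `chown -R 1000:1000 /.nextflow` but show no `USER` instruction, so a pod using this image under the new `runAsNonRoot: true` default without a `runAsUser` would likely be refused at container start. The Dockerfile text continues outside the hunk, so this may already be handled there.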