diff --git a/build/load-balancer/Dockerfile b/build/load-balancer/Dockerfile index e61eec0c..4b6bb3af 100644 --- a/build/load-balancer/Dockerfile +++ b/build/load-balancer/Dockerfile @@ -33,9 +33,7 @@ RUN addgroup --gid $UID $USER \ WORKDIR $HOME COPY --from=build /app/load-balancer . COPY --from=lb-builder /bin/nfqlb /bin/nfqlb -# cap_dac_override required by non-root user because of nsm-socket hostPath file permissions -# (while file permissions of hostPath unix spire-agent-socket grant "write" access for "others") -RUN setcap 'cap_net_admin,cap_dac_override+ep' ./load-balancer \ +RUN setcap 'cap_net_admin+ep' ./load-balancer \ && chown root:root /bin/nfqlb && setcap 'cap_net_admin,cap_ipc_lock,cap_ipc_owner+ep' /bin/nfqlb \ && setcap 'cap_net_admin+ep' /usr/sbin/nft USER ${UID}:${UID} diff --git a/build/proxy/Dockerfile b/build/proxy/Dockerfile index aece5685..d4ce2f41 100644 --- a/build/proxy/Dockerfile +++ b/build/proxy/Dockerfile @@ -28,8 +28,6 @@ RUN addgroup --gid $UID $USER \ && chown -R :root "${HOME}" && chmod -R g+s=u "${HOME}" WORKDIR $HOME COPY --from=build /app/proxy . -# cap_dac_override required by non-root user because of nsm-socket hostPath file permissions -# (while file permissions of hostPath unix spire-agent-socket grant "write" access for "others") -RUN setcap 'cap_net_admin,cap_dac_override+ep' ./proxy +RUN setcap 'cap_net_admin+ep' ./proxy USER ${UID}:${UID} CMD ["./proxy"] diff --git a/build/tapa/Dockerfile b/build/tapa/Dockerfile index 0d4c2a22..33799766 100644 --- a/build/tapa/Dockerfile +++ b/build/tapa/Dockerfile @@ -28,8 +28,5 @@ RUN addgroup --gid $UID $USER \ && chown -R :root "${HOME}" && chmod -R g+s=u "${HOME}" WORKDIR $HOME COPY --from=build /app/tapa . -# cap_dac_override required by non-root user because of nsm-socket hostPath file permissions -# (while file permissions of hostPath unix spire-agent-socket grant "write" access for "others") -RUN setcap 'cap_dac_override+ep' ./tapa USER ${UID}:${UID} CMD ["./tapa"] 
diff --git a/docs/load-balancer.md b/docs/load-balancer.md index d15f92e1..bc954f62 100644 --- a/docs/load-balancer.md +++ b/docs/load-balancer.md @@ -60,6 +60,5 @@ Sysctl: net.ipv6.fib_multipath_hash_policy=1 | Sysctl: net.ipv4.conf.all.rp_filter=0 | Sysctl: net.ipv4.conf.default.rp_filter=0 | NET_ADMIN | The load balancer configures IP rules and IP routes to steer packets (processed by [nfqueue-loadbalancer program](https://github.com/Nordix/nfqueue-loadbalancer)) to targets. The user space load balancer program relies on [libnetfilter_queue](https://netfilter.org/projects/libnetfilter_queue). -DAC_OVERRIDE | The load balancer requires access to a unix socket provided by a hostPath volume to interact with NSM. IPC_LOCK | The user space load balancer program uses shared memory. IPC_OWNER | The user space load balancer program uses shared memory. diff --git a/docs/proxy.md b/docs/proxy.md index 6d75ad26..927edd48 100644 --- a/docs/proxy.md +++ b/docs/proxy.md @@ -72,4 +72,3 @@ Sysctl: net.ipv6.fib_multipath_hash_policy=1 | Sysctl: net.ipv4.conf.all.rp_filter=0 | Sysctl: net.ipv4.conf.default.rp_filter=0 | NET_ADMIN | The proxy creates IP rules, IP routes, bridge interfaces and modifies NSM interfaces to link them to bridge interfaces. -DAC_OVERRIDE | The proxy requires access to a unix socket provided by a hostPath volume to interact with NSM. diff --git a/docs/tapa.md b/docs/tapa.md index e55bfc89..5353586f 100644 --- a/docs/tapa.md +++ b/docs/tapa.md @@ -80,6 +80,4 @@ TODO ## Privileges -Name | Description ---- | --- -DAC_OVERRIDE | The TAPA requires access to a unix socket provided by a hostPath volume to interact with NSM. +No privileges required. diff --git a/docs/user-application.md b/docs/user-application.md index 99ddb41c..047b01dc 100644 --- a/docs/user-application.md +++ b/docs/user-application.md 
@@ -35,8 +35,6 @@ Here is the minimal TAPA container specification required: capabilities: drop: - all - add: - - DAC_OVERRIDE ``` Additional configuration via environment variables can be found on the [TAPA Configuration](tapa.md#configuration) documentation page. @@ -44,7 +42,7 @@ Additional configuration via environment variables can be found on the [TAPA Con ### Volumes Four Volumes must be added to the pod. Spire and NSM are required to access the socket files to communicate with the APIs. And the Meridio volume provides a socket file user container can use to communicate with the TAPA API. -If readOnlyRootFilesystem is enabled, the tmp volume provides a writable mount to create the health server socket that can be used by liveness, startup probes. +If readOnlyRootFilesystem is enabled, the tmp volume provides a writable mount to create the health server unix socket that can be used by liveness, startup probes. ```yaml volumes:
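Review bot: in the build/load-balancer/Dockerfile hunk, the two deleted comment lines were the only record of why cap_dac_override was on ./load-balancer (the nsm-socket hostPath permissions, while spire-agent-socket already granted "write" to "others"); nothing in the diff says what changed on the NSM socket side, so a reader of the remaining `RUN setcap 'cap_net_admin+ep' ./load-balancer \` cannot tell whether the prerequisite is now met or the cap was simply dropped. Suggest a one-line comment above that RUN stating that the NSM socket must be accessible to the non-root ${UID}, or the same statement in the commit message. Dropping the capability itself is the right call: cap_dac_override bypasses every discretionary file permission check, far more than access to one socket, and the nfqlb line keeps the narrower cap_net_admin,cap_ipc_lock,cap_ipc_owner set it actually needs.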
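Review bot: the build/proxy/Dockerfile hunk has the same gap as the load-balancer one: the explanatory comment is deleted together with cap_dac_override, leaving `RUN setcap 'cap_net_admin+ep' ./proxy` with no note on how the proxy now reaches the NSM unix socket as a non-root user. A short comment or a pointer to the NSM socket permission requirement would keep the two Dockerfiles self-explanatory.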
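Review bot: in the build/tapa/Dockerfile hunk the whole `RUN setcap 'cap_dac_override+ep' ./tapa` line goes away, so the TAPA binary carries no file capabilities at all; that matches docs/tapa.md ("No privileges required.") and the `drop: - all` left in docs/user-application.md, but unlike load-balancer and proxy, which keep cap_net_admin, TAPA now depends entirely on the hostPath socket permissions being open to the container UID. Worth stating that prerequisite next to the Volumes section in docs/user-application.md, since a wrong socket mode will surface only as a runtime permission error.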
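Review bot: for the docs/user-application.md hunk at @@ -35, removing the `add: - DAC_OVERRIDE` entry leaves the minimal TAPA container spec at `capabilities: drop: - all`, which is consistent with the Dockerfile change. Since the binary no longer relies on file capabilities, the spec could now also carry `allowPrivilegeEscalation: false` (no_new_privs) without breaking anything, which was not possible while the DAC_OVERRIDE file capability had to be honoured at exec; consider adding it to the example so the documented baseline is the tightest one that works.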
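Review bot: style point on the docs/user-application.md hunk at @@ -44: since the sentence is already being touched to say "health server unix socket", the trailing "liveness, startup probes" would read better as "liveness and startup probes", and the context line "the Meridio volume provides a socket file user container can use" is missing "the" before "user container". Both are one-word fixes that fit in this same change.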