From bd9720f3c0a0246bcd9bdccc45e3e1c0a8704a74 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Date: Fri, 26 Jan 2024 14:47:04 -0600
Subject: [PATCH] Backport of Changelog for #3498 into release/1.1.x (#3523)

backport of commit 9dd57ebe68cfe7f142ed106f0722775e1122ba45

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
---
 .changelog/3498.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/3498.txt

diff --git a/.changelog/3498.txt b/.changelog/3498.txt
new file mode 100644
index 0000000000..7aed5a69af
--- /dev/null
+++ b/.changelog/3498.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+cni: When CNI is enabled, set ReadOnlyRootFilesystem=true and AllowPrivilegeEscalation=false for mesh pod init containers and AllowPrivilegeEscalation=false for consul-dataplane containers (ReadOnlyRootFilesystem was already true for consul-dataplane containers).
+```