From ee74a3462e1d7a3660bde5e4271d66e680fe370e Mon Sep 17 00:00:00 2001
From: umagnus
Date: Thu, 20 Jun 2024 07:31:29 +0000
Subject: [PATCH] fix shield guard on csi controller and node
---
 .../latest/azurefile-csi-driver-v1.29.5.tgz | Bin 13407 -> 13449 bytes
 .../templates/csi-azurefile-controller.yaml | 16 ++++++++++++++
 ...si-azurefile-node-windows-hostprocess.yaml | 12 +++++++++++
 .../templates/csi-azurefile-node-windows.yaml | 12 +++++++++++
 .../templates/csi-azurefile-node.yaml | 11 ++++++++++
 .../templates/csi-snapshot-controller.yaml | 4 ++++
 deploy/csi-azurefile-controller.yaml | 20 ++++++++++++++++++
 ...si-azurefile-node-windows-hostprocess.yaml | 12 +++++++++++
 deploy/csi-azurefile-node-windows.yaml | 12 +++++++++++
 deploy/csi-azurefile-node.yaml | 11 ++++++++++
 deploy/csi-snapshot-controller.yaml | 4 ++++
 11 files changed, 114 insertions(+)
diff --git a/charts/latest/azurefile-csi-driver-v1.29.5.tgz b/charts/latest/azurefile-csi-driver-v1.29.5.tgz index 76ac3264d7bfbe7a3f306592f93ace7b41fcd4b4..5ac944eb38c15aa5ad4a61e68c1c30fb8f1c8880 100644 GIT binary patch delta 13425 zcmV-%G>*&PXo+c%Jb!z08#$6^|E*7fpl8DNj*6llmS=e3*w9F7x31l?LXvxKuHEN_ zs*)r|MW6;iQDVCtF&||2%grabz@y%%V)3DeW!BwJTP#!}0VFaLi60X9x0u6#gy8vt zcmXF9;9G|y%w>0q$KiLYczV5FZ+~x3|F_rcmH*q@+3kI|y??jAyZ8FltKHuIcfIXb zJG*<|q25YrpYg;(V*Xuk>AK2|`$`@hk)MGJ!e}2&wl{DT<^JsM{H6P9BLLxZ5=s5z zfsz;WJqZCFGAc2lz|n^A>bUu!(7Zp- zt|}xGpdiE>2CLCS4dd^M|xtP!;lEc@f?j*A6vEH@#OOY3p1O% z@$4BohXHV)J|M{uqktGkW5xjq@Ht4Ke!c<}3kcB72&kq;=n!f76p93gK_88zj6{Dc z$7z?at$%>|VoPFiEw+3{2V@v?@FEs?eqy4w6g^K9^CC_rSVGdA>DGq+{VWc{3&Twx z{qpO^Gvpy-vBp!|anm1RYKolVF>I(J9y*MLWMdTKD+qNva1bCuB|~G7IKUEb_`1kD zU80XZf7w9j8M^+n@Ng8>7{m<$d_sIU@O>6jsecB{=YS>jk>oL;XXtOLo7BHIku8g` zDJ;+p2}9MN=92&o7)MhUchLn%#o_>m0uULfAJGk_`o~y+`kNzmL%XUzMkQxq2)wW6 zhnM3sed7s?o*~s6hz-z%<-;;<2Q^`WaXr3PBFi+jpe;mAP#lR7lZPdKli!zQcY|MH zzkl5Ssu4wRW@97QU+L?*epBQ^76*q~Tr-)n1U>!ID72uyw1}_|eWWIXC#FJzR@Gt1 zZjQ&1oE~Q1q+D}|LgHi5M>`t`jhK+9Aa5AIPUT9Dh(H3QRMXFAaTusx35dW~Ap}Zj zvSy%wfk2c=6hH(tK#ZcFE>4oqH;|eGoPYS@jB(jVJAc{V-gB$K5#UgcvSNxm9@F>q zCoH5IQ7y8`k9MffLQElhg{8#)=p6nT6AnT4d&q|GU;<$uDbo|?ry-`4NvvGk^-dDZePsIMp;h!;x>VHSQ zapkj}b`&we95@|NwN^QoiduNhpu7TM;)!^ISZj%G~r`C%{!I_7OAflwa)P^ z5mF>CU@!n*_EG1QUHBsi;t)Em=zm+C6)BBz=e2lCRI{Ot4(jK}aJ zOb>h?g!mhgqmuxr)B~UB){1_A)lR?fmh|#QVy#tipxV}CwWO<*y1C!Rl@-}%_ABGU z?ss>)$&_huqYG6Z7HoYR4jkUdB3w9}9sN<}Zq!v&wEQJI=(2=WTUcWaD}VN|wO-m? 
zLN9F$0Lz#|CNOV78kxP2SUK@lq|Hn7<|pOoz2z*9($@o_|4#b*9B}YAP9(giJ}8<0 z{^D{P!N!Jh%rn+3nOap?=8z-UtbeZwr&n_D3L29j>d=O6VC1FpL=$Aay6G z(o`fpcLW0*htkQoeYc4Y!&oW$?+F*Bzf@oUVEoZdbjm1L%M*g^qkpXl=361T+Oog6 ztWuzsXsnL{xFVQ3*)Xp*(EtL*u~J`39?pP|i4aDjd#_)=PJ1O;Fe_;{$}H)nJMbb~ zITow(Bx-{KcUR?1=Oy`KZ>fqLu7}eCJG>T$UvrTBw2^S5))q%GCv<3yHlf3lA!X^$ z$G70eI$Ca7%-3`Ye1Dv4jEBZp`lI99h=Y~D^c~6^4yiN{Dm+=6PMJKRrMFh#OTQ|5 z6T)STLob;~8#jao>_)g$K`cPc$TQBA1CYl1MP``mm4$ahs7qm_Q~LQ~|KkMnk0H7G zXn%a}n%0kgCcauoTKATjiL@koQ^&0R z|J}Wv(*EE6>%E=z{@;B(mr4cX_Vh1KkTFJTnh$LhIDjZ*QwWe`W{1Ge@b1ROB}4uQ z{OcMb5eozo63bX@q9_C`0P&diHxf%PL*#ihiB-J${C^pB&q0^#rV$ME<%?p)5c51? zRq&e*Hzg}yp)X%L$n$QLN?uR+#%IR-|1^Ry0xr5TS{w>6WB%{#Rp$Te{oVcb{J)Rq z^XIMqKoc_VYa^`$LHQ_e#;RNV5%kf2Y<>B%v7w6{-$s}Q+ICaBg{IBDMvLikpFevj zfB~U^I)ABTbyeXG^0N0jOwctbGd*9sKO4k}D*1i_oRa|1@5;lcKHA^a|0H7*JwY8W zBL+0k|JDp{9O@l9!;oQ7@oTX~$~)2f%U9EkZL@mlZZvSO%Vjl2oKQJHoj(fikD^m- zh55GyP@&&-$W7_5&YwD{^Qp5)i`aO~lmlf{o_}cMG%01)JBB2VqLQa=qF0|kqhyv> zhpLO5UlJ-LroQ>QtZ?g@Hw&~z&chtXssy2a7zd4wtKrdSj>+ddRNn8S0o$CNh=14NF1cFIyb=-{-&r^KKUK}GiI{T$zQ%~j369$#b`^*XKg#I z^nZ5qJlV;XMH=$a;#TKCWz`fi^Y_TT4$m)}%a2ou<7|CQn2eO~bGJRC)wO&}<$(?04XII$s-qxh=p zvvGMpPPKqj9OkzLHA-x2fB#h{f%_0fFUc5$#N()sXdH&={?9~jC?#L#x=t9>vw!WF z4H1Ec4-L((Q(ZAb*7k)KP&&X zkFFRC0aGWB1B4NUn~XOK5Qri?Y}4SRtceqOr#KDP>GtVafX;qCL<7#o=w?Lxk;Pag zwoJ~30?IRh4he7#Vul2{{UYq@7Qc>6FMw>p3RZw4w$&8*K|Os zRLjmdPgpc<9TQ5%@fZp6n{KmVAdMy)c^ypyuADG6+&NLm4S16bYiYkAzm_j zWnFY;!cbJX)N+KS(r09lMxqD0q!L5y%NU2@G$m>WT9}ZRDssi-sKkO^bGrGL3;`7} z&-MWH_m~5U7%>w8O9a>-Atpz_yXdc$m!CddTq^Zrc!fZ%Lm4-)U4J|*sU0G0`|Bm` zip4Z=a#=r?b4{JpY#Kbb8Y-%(@5$@gn>YjB!8P-=YU+CqM6A6n;j- zm!!Bmm2(pddscG*Rb&f32)P4-bq1k`i)Khwlr+O6ZhC><8e%hoEnTExr!y@Vk>|Ngj<3PJJai! 
zk2do(&_ZhW3V%taQ&L%tuf{~Ck}kB`KGbUl?Hfjcc8|~rMTd9{;UN}q=L4X6T6n5s z+YLeD_ty=9dS4L#0EG4;{1N8Zm%!EB^M#qP>GVyFcB#*1jylZ+^t!R`25h5NN*Y^r6CZL9>Mhc``eF<2gWatt-o*O;G zK@HI>(0>~j<<(?*E+tvGC=Kpd#<>Is)eDcic#Q%`p4w$f3qh&usB3S;4(@CRr}CO{KZgRXvrCxFIrC`lA%lnukh z3f$I#(d?@Tcn%ZMH6fOg-b)phnb)pqfs6HSmPnX5M`j+?64fYXb0F5mWGvB5(tB74 z=6@4yQVS>$qdW8c+ivu8^ep5H%RJ?TQ9UZEPxN_UIa1C%Z7X70P3V;nwu6|fL3`~5 zqIy)X04N$`eqHgQ4BJUNH_f6k8zar}0FzKt9s&g&=ut{iIf`ARPt`bRS|8g2=kyU9 zdni|?3ajKsp(a(7s)Z89&^S*H=d_}+%ztvZ!96tva(=z>)??0{uU~ z=a5n5AE?zpENrA@nyxdiK;EdqXd6Iru04e6R}t$oN`p8=FRrF)HA4by-5xCG3)7Tp zF>94VSmq_Vf`JmOSePm*0T=setpnK{ewn4Io4;Lfx-=hQBf{;XIYVnF1Ahn2 zOsf$HHW87j>K2*qcGoe&ddfJ6>Pei9dN?&*YC;!{4$c&07oEPpJa(z=ONQ`-kpM+Z z2%?q?0{oa8*sF*^Y$Cr&q@A43C**Fib`V~*prg5keGZjX+)tY!;Q6A7G|L(BM3>sl zMbByijOD;0I-w|-QamO;66Kh3wSO(h#{xEUT0FIC0}|@f@@btZGnMmy`6mTOcakbT zsm68E_>7D>wToVD>N-Um)p5`qo}V2eABSNVeXk9rGqTsvie>p!!`VqLI~P zwO{}VNW@XZxSA7Ey9!m6VuDRZtvCp$dL|t?9fM}oO~{yDQ=0&z_!x_4Vt>4DiE9vk z;GFRpQm@M-;vQn5G=Ts3^Z*#RMyybI*wQH9(|EY<|Q*;|_(L&re0EtPM?!Z!=2?cl}b2ZE8 zI!RPwm(ELTWfKnTS9R(M*>I?)vNBdAjXF^~W|&YUfC?hX1oGae!+!*!*%2A(G(nXP zlg;MG4C@UR`EGLu6=v&>nOrx79x~*^3=NYN%(-AKfEcbWbU-s)#8KpoYxPghe3qP-89n+FcEi}{f0JaAB)$>hvg;C6uO97vrx z%}9mWGp`*;m&of;u=0}IQ_%p8)At&rA;wq_jE*~*nNh~?lz&(ydY0r|+H|JozBhU_ zjY1_e)TNkaEw^<8n&xGMr36m<=>NU=_^02!m;d?V#VmuJVnl9#{#LgVqZ`Rn%=zrgXYEs4B*`JaENuyX6=pqpyN$GB(a zeR>8wH##meS$~a}dAf@>YQHjmcaFYYC+2^NuPSLzY*@`4J6=O0-6+9t5)%2%Lm}4? 
z$a{i7t`z#XI>_THp^i@p;`r4<8?QiOgKvChqD*-=1Cj#i>C5D>sL7U_Ldu9hfzm8~ zrrn>RgR_%7_R9=+LWqM8WTMR84dztutJzEx8h55hM}Le8YYsEwIn!+!X7;41DC}+~ zR8tpJx%?WXCeRq`DUh@+&u6hZ!sy=&oj&T+9QoKv$W*bO8Q1?yr{%4uQ2N*`e;*ET z`h;Mns{xj-p``Ut(iMS6*KpA`aM61Jh(0bz=u-oLE(`Ts64bdQd~<1_=GP0!TmkrU zd6?zWfPcz6gibyPUU6A;;wrF+%Oek$#u+Y)DqJCk@D31z%i;r*?k|l>6 zaTX7Yuv%9XGz&Wi5Q0qZSSC`~$czhtpbI+SDEbXy)Li>jY_IE;quq};(U$G6bR#Fi z9FNt&SnGftk&k?6RmVV-*DFjH=Wr60Eq|PYq#l39VRw=xF1Jy89Z{CT1Oy4KhWV3y zI0s?Klg1nnWi-2iA$SDHi;|67C-`#s$;DaNFc!svY8Bp6%eX>~MV+&dt|^hN*F5OL z_?PJjXkqP~gIdpb^oVt|!hufNK}!oIYa3_SI?<*kXdqBDnhN6Mu+03lMX)=EVf;r%~qe}8?1;Vbd!zj`me{a(v@cje)CSBwt7hwYVI7^!xH#ebBUwZ&pt zuHR$H{xxH3CFNywApwvZ{s6?u>1U^k#emTl1ZSS6w)?s$}*$+htm7 zJdad4@I0$=ee`|>OY+(y_lFlJiQPz~$ihc7G}hsWWqNzwL*2S9ONLJx z(gkQgx(EYL*}j61(V9e6 zqUBnmd1z?PX{pTDwI^$PsD%A8DJoEhQ7<6ky5rimNsl@-&(B8?g(za5wvOxyv0dIWn@c&pNm*&(hLwkdlWLw`AK94QCQl?2CJ zysju*Hg7ky2%tGgt|+ADpxi#l_C4bXd|0PUQj1VxbiRXb8gHnAc5y7(7)wjWg)lz6 zIB6g$fg?cz@Nph@T=a@Nwn8&WgZdkre8$awPT)ATZenn%;Z8iV*wl$8T;ioczRB6+ zd0r2K8Y9LlY5$Zi`9~~dmLU!2qJ*__T5|jDK1)f`{vUKmy?@2IrQ!#rq!#*oKvLop z2|D?UXNynGS%ujq&n-*pN%ELv{p{}5G<{^_V51Dxb{E-2T6cK9xU0L(d)wJH3L&d@ zX2zGijGHsPbvG!Ym0pCm{M~6q$!vLHT1{c2GmMS-i3PJ%%tfhqqQuAQ-^F7rHzSsV z3^@8JIZLg*e}6S1HmBOZ|MlPBlMu`-`1im5M`@jZ|Led18Z!U--~alb)(N?bXb`I$ z4Rgk+RBe7)beiVIG#WTH z1B4DY>#BCtU{9tdKDs^yoa}#V=PV$D0qBex0(81ONpRPyj0A*(Z+12Ei4L#8WRY;56 z!che6y?+x2M{YrK^fBJ{s6-k)y0Wi=$tcwwCeKp(k-F;Kaw z^@qu5q%#Lzs5jj)repv@c5NNN#Vpcz@v*kE0Mala0941xw}-5vDs*idx}0 z7F4zeP{fj?;WxUu$~-DR5!(n}NUoueIywNJvH4j^{}q$*?h3Q{*ey!!W*k8(y!!6n|OLQVs zFMqwXGg3^c#J8#@UwIpKJ*yMF>DfF{j(~DbAPl`^?SF%(suz-hv*}zhmyObzruch* z^uBL6Qvx-lNsg-lQM%70{AzYBkO_+>dnEn{(_xx#a1hIw!(u5Ks*&R4aYT&EisQjz zt}Po!+vO>Ip5JL}Y+O_BPc{KQA#k&G!+-cSp+irJre{+nZE5?n^-TX~;kIZ4*0wBeQuTz%)E{C?2Gi<5jH-^Fevw7_f&tsnIOi-%5nOyzx%Qw@JtJ} z3ZmTc?Z3S4dA)6~x9y-F{jM}HqK59_nTXFS)zIpRWT)3Y@Kpj|Dpkmv<7vN;2Kb4zq3P1;OB zc>sBypUIU<^HTZVYIjVR$^hpImoJ|a&gm((%@Wt_J=xraebk%Fv6{7?-+#21PwF@E 
zb2`J-lQYpJi*;lD93Ls;ZuUjhIGG(ZJLZzOZ+xZ7VHS?(w^ixrurau7XX)cM%O9?JK+G~nU%t*mE=wL~dCWK0E_#k()u$GgKBMqdP9)sJ`Ge(88?5qd!Lla_R&{P* zeM+EwN?@t;04qWMFNg787R|pjZhs{R{bjKD%b@O;!Pl>m^m8|Ejen$HBk9+e`88&K zjhTOZ_kYh0k$tmwfEPCvmqD#BjZt3~k^Yt9&z~IHe0}@&(?pQp>D}9NqQlqsZ$GB{ zw^xGUUKX*v5`6ah9__F89__CbA-yyndRg@Io$^MSVA^IJaDJXR^gIMkk z8^deiQk#|)Bv3dGQAm6&>Ut!3Z)y?{f-jTh?ifpd^e)%4wVjrH_s-FI`$>nl9GOIA zSRQf$qn@z9&VO8^_~(p~)?!03v!lyp)3It zL^3|j3$txcA9Zqb(R_b}1)M{~(3dZjcTKeWvr0=mL|?vi%ov0MTJp2HI*aoeAh3;Ws8zAv3Z;l?S$7niH(Rj8 zZqDi1-pMnZ*B1E{QH|On-AYV*<|6xaRcd37O8Tuon_H3GJs0g%OIsy!KRTqO=vF%w zn`ThM98pjG1Y2wd)Nr5xycJah~|$EGqxzp@VntoYRwo zAiuRXj`R`>bCTHR!97qPhatS>C9534IeGJgRI zLMZS53ficP*}uHrk`;+}BCDDXB*zote8L85sEItbmA` zgGF8p#gUYemmJ-F6EYu%>a)H(#8PbP2yiGzXN=2qZCmMLTZ=B~MU2Zg3sNq3r6D|d zvon_}C|2{>wLyW~hgAq^5VVah$bTZHE7b!vWUDhWE4bkNU$&-pUV}HOn+$CD4ki$~ z*WT%D{lkmHi<3{sr$=Y+Pfjmg(SR{XPJEGSmtI%@zna-?OWSEzvkdnc9gtxS<5>YW z0keOnBq~q99vih0a#!>tWU&Sy56I9HI=JPPiR8G@#Se996A3$=n{wt|wSOev5Gyh1 zQ@mIJ_wW#?bhO=+`5=HFs1j~M83j+og8{j95Q-BL7rKO-5Dr6j5>E+46yHDSrygPQSVZP_gk!HY5y`OOOBTSv=M;&|G+Uy*1(0?0%IQ*W3aF~#( z_MUpKVcOS1;CRO(b7nJ_ZK>SGyrFR~&tgh$`&(P}{%duDT9u_wbewT^J4KyNb!Hj{ zez?3myZCf={{H{`-CciG73S!ch}H;DBZqAmoS(mW*elB0+xMR?j(+^~?)}?O?~Z>y ze%H2EEjn-6#nF%NGJh{)E+0DcdG0lSUH%xPpF0G!~Q+JCCYsH559XAp@;`ZPS_ z)A!uKeK+#GKd1b;Wp5^jRY9zmvzf$Z2whI5R)_zZ3;$$X_Lk;)X#89$uW-1g(u=z~WM~1o4{}yH~}%uVWT;!kOT`* z4h}xgo?-HRf`5?0QeuB}o?b3ovyLm2GA)Q$a6$*{J=NAawG>9Rz9R$hr+%of6i$;o zpQ*7B=@pZH~aC8XN}%sIQcBMEYA> z2deiDjxJT%<6DzKV2z)C>d##IUjxu?2o2bc@RT`=IDhj&h#3~4S^sbE?N#*utJk~x zYyE#8k9CzW4Kk>#8Q?BZd=*0V_gKIW%9Sx=f0)ACl&-OGatvceFJJ*Qc~VIrPFDyf zcTrsdmOLT5Jdix0v{DqgN&k8wIhHWA$x4-}B6Rpcze+sOF~0pk@dT4ljd-Ew)RgZQ z-zVK?yaMp^lg%hX0y=P$5h)XYESw(_E?pbV5a9c49G!8dW?g;}Z52^WB^kq!Nm-x1 zwq5l;%B>=D>v3bmDiItW(*yBA05@IMIlV*&A1;4*e|~cL_m3Yh{(f8!uv?^v93L z`<`*Xz{s7&{+doLXw6}m^EeENkQ}#yJgN`P^8GydY_&2yvx2IixjtDC)o>TJm!-T; zR@FkyIWA?SP-=`?6VoqE+pg>e-UJkO{TY z`mQNfX9=2jXcEE5wr3o)*D$iD=2+CJ+?0};AuSbc0h6Xz*DFJ#DQYBm^M@D3xmc&b 
ztC*y`=6fKRneLIh0GQPiesa(<-PAUqvQ)(IRS4b?WO95#NG!!0$L4}5`WB>353b5J z63s`8JsU2rJEz!x0!?YcQMEYACxRhLdd*R0l~|%X@p;xTq!q!C?!uwUhvO&Pcja-d z%DZ|X@XI%qKWgFqzd2AKv+_Un_Iu_0PrI*n*ZY6>@wC|gdqJ6Oy$Seoy$iVB1zhg} zu6F^~yMSNqF5qgn;2y!AV$)_u=_Gd6q?RE2!~VxQn7xgEa0jH-=E(Yh_kst!=ia?2 zpYnDTsX0(>;&t^$tnOo{;;^q{{my{@st#z+yHa~Z2dUSalMlB!`DpeQ^`t9j04*$Q z&U4g_)V4h!3b*C!%4@a=3^!YiJF|`t7U%&dl`#w8jhj@-($yU8+;2YGx!ZFK!QE=O z$F!;XB(^+%XXoNbWT-J2N5|R8<*8Zmi)!gP+^XdBf-KJ>k}tf3fm?6%eslRk)_b$- zz1b(aH)|LrG$b_5Sa%Im&s-dAZgWhMpSzhq(chYieuU|P{_t-^j*|T9?uwV+;hi%N z%B%&ObKTx1tw{F!o#zrMy)2~a$iG?V=XgYW>&-rY?0S>@iEolWo@^pd$M3f}B=kIQ zB;a1H*3A-w`j??DAeAF^GN(M-CU$Km*_9l;qLkx!Yoa-v;q}ohY5<_X)&))g(bH|TAZ7?DtB71 zrF)_w_}Iizm|84hP@0IX>+xz>k*Z9Bt zcuJdOCQq70{;dMZXA`fj6vtPkxdIfQA-X(<&(Qe>5qz#uc{u!@o14XNo-A)B-{*Cb zrY$Rg3#Nqb;}XeS3@xC-5udO_l)THQfLH``Xue(YHc7+N-QWSOX1FUfV8;4m!~)iT z^u|i@pidlW*e0Ft8fW-OFOn%2XmKyhTzgk{cUenwRLo4{H4<=*1e|mJWY@S=iYmoGj>Xv^#lsmz5QN2?a25 zejLDr_)y_uebdGXKQhM*;tV9GX%dQ_z3S~1XnT3uBn%PU5{d9Y0!Ns$m3RV?cH!BN0_SrQAEaso-5w-TXG1ARsg|^ zm=B?kdf6`p$e>w~yCH$gA@W*}{t8m;HPy8O9Ni4^k0KRcm9<4da@Jd{g^l@PEF|y@ zIacYfoa3+}z*kchd4!#R?Ryt&?kh)=%{Q|eH$?02!Y%6lRqT?^Usr$Lujk%Ry>Fgc z@4W6fwqruT0dP;xUczWyF8xxm(k`RRx9YTx-!!`j_R9t+KvP(?Rc|g7Yh5P;cRe%K zfBXvjUhxpn{HwrO_y6wnc1!EOz246H{@;6fN>)ydch}c0XKv|#cW5m9ISZk%_S2<5iCuCgMf%4dz3qduQ89uS(J@UFVFi%~~Am4c)j?d&N?Lna}KTzH^cC5ZdhNb)C8Ys0ZFMW51Gcz2Y^j{gXpQHwBrCBW zmD;z2#4=tb6W^NROefx2Yu2cu$Eq?D4?*6))^t0O%XyDZH`qktT+?i&KGt$>_R4*` ztlwrUvP`vq)a%t{`K!^gYi(N5rujL!R;cxgspj6*Ee24+=HTm8SxA%GeBfA4kgRT=-Uep>7Qdw3l8zgNxx z+zU9QM##R7aLF3;vC>G%I@o@{!S>ZxxYDiLg_&p_6TDLo&!yEKl}A^9RA8n4U4wRi zxNw+%iz$PhPNCCxXn`IuBz*58U+UHM3}_Ozdt2bl@c(T;Vbf0wBEe_He|oQXO8)=; z_U_)=|G$r?eEzo-Sk9dNQr;ftRBJv1+#Iu>|Mc%7$9U&S;omNOf8ktT(`SafM}p$b zKuuiC;#dO3Z8$dNW>%di=Scam&i?QOpJnu1f7_janfiaf9RJ_jf4#o{=U$!%)Bjl* zd9C@^nt%N~&@;dOpMNJ{hW_vE?Uwcbey_Ja|9LOZJn{egGY)m@@%u3qYdyDq*3bI+ T7M}kf00960lcS++0OSDxwAXWY delta 13396 zcmV-aG^@*rY2Rp&Jb(Ri8#$6^|E;G$&@*9sM@3PxEYI-5v7wRFZe6=&g(UafT&vFu 
zRV7J`ia-s3qQrJPVjg7o<>pB)@KN8WV(~*CmRWZ@ZLv^^1dzx~Bz{QX-(n5}5`yOo z;su;cfNvd)Fqhpa9*5tp;_3Bzy}jLC{oh`%SN?Br=T+~!?SI|9?Y-XX-fr*pcfIY` zJ3GDaP;Vu*&v;@XG5@Z&bY11feI*Z$$j`t9VYH7X+Z#BFa({Mr{?dKD5rFVHiKPB< zU&#ylo`ir77?qe%;OJa3j)#DbsRTa2KA;x|=f^M8-%rDMNazN|W9TE7#BEH_sx3#-^)YBcnJLsgs!lFGl*CpjeXu76Q47| z2D0n3@dnB!ttyHThlmLx8K3si787FYI=%u-^`uPe_EFeHPBcPfZp+ltQQz#M~27NS=G7|l* z9H(8vwtoWVi!F)8wb=3*9gtzn!HZbn`H6|zQuI7c%!@dgUr?Z+(qXg6^jEL3P5C_endBz>K|hP>TizN4ehG>7?qrbA@IJM zA6|~n^o=JldWKYQAT~hfmJiFc9n^#g#`XAGi7eC9g0>JfL2)ETOdgc@O@3dJ-3@+) z{eN=*t40*PnT?HHf2FVM`c07wSsWZ_am{4P67=*-qtJr-(jvk>^pTnjo|p;=T2+T3 zyEz(1a(a+`lXA@=3W<+JAMI=)G-5)YfV^S+I+ZIqA_57JQcXXf#bKa&B_IM{g%BvA z$(n%z1_DtgQ2-Ip05OVwIzLW6-#}^(aDU>9Q^sWM778!KiZ)_4Kao66_yhFqciwtOgIGD?;#t$hY5szq)bnkpN5!HCb4pDlV2hh z6eeoKg8fP%4uZwp2Vt0Z87$SxF_9wq3n4#>`)E7;a|~mxd0+Q>KN0&YhkwQ(s(&B# z#+A=@lCOM0_I1M_qUM6pyw8fy?c|noSH81ko!8L5K^QAV|2^TN^q1=EAB;b`iB1>=Yk5MDeSfqy!F($uS6lWM zmsJYX5{>my09OQ4CmZI~CK^D%I9BRQ$-^n|F%iN@bnnfZH)*dV3uYzlMwunObO&B! zE5~A0o;O?rN>AWOg>@HQ2!}V}lV29V@@N4#ypEeS1)Y{@O=7bKd(I#|wJftlB z`REq>SVzk(i}{)^fPas3jq%VJOMi598*#7_n7%`q!y%OhLWL)5(+QKuwDi^reCbz3 zZ$h|?ap)xzY2${_fZYg}Du@NB8F|W?asbkJzsL-8y|VCb2z4opbV@%z=wD7SzYNLM zrTy`_Yg#}0nfQ7kY296BCeE(%Ra2F%XX1kEhTYnkn7Pj-&wrVTMZNO%JhtK!?HZ~#HtfYcECd-+2+$Z)JcIxd zOBWFn@gY=yFYp+U1d6FdSm>X8W7Tzqas(8q>2Hc0AEFx~N4nU2wc09<50zk9TE>&n z(tN-{m&D=sB!2|6sQC#;>3WGn;OQ{kLvOe|vd6jqCt)0gSc2F(`EYS`-j%ml~ZcqRG7#U-vruooDfdhy_HiZC5W_Aed4DW7iTrlL1 zz`w2`60txaA+e0bCW=D90uYaBespR#9Z+vFV|4$) zK7Zc&4>Td;zBbZI5R{MdcC5O^A3-1e$JUoG8ymXV(QSljplvs`TWH$cYqXdy_xZDj z0vHeqsDG16R#z47ATN8b!vtM}GSl<5`?EousFEKhz&Qy3{jNNG>Z83^`k!QMq9>^1 zWyF96`rn$tjRUoEfB9;fv29il-HitBb-Ap@h!ZLYsPjkR{ZVv^ ztuX(#04nsm4!J4))%jBgbv|_#X%QQbnR1|v%6}7$oF=8rddHB&QB?A@P4w#XXOztH z>QHr&^Gia7#MC!mmlbY3^Jan8$a$FKSd}2u596S*aWy>pY#cGFLvOj=^lG^XbLp|c zVjW?fQ}1e8?22SVIcdcp5sCd2R_7*|!rv6N$|t|0f5uD}I{C|&jS+<7t{81;`K)b+ zm4DuDo+mrm@~8y!8cFtdJPsR5q_r1D+o*>q4#O1BF<=~}=nH`w#y-k$7dZjQ*eruH 
zRP7bOhW?0SI)ujWP>ShL9bMC;QtKXCL*MN)!~Xj`@ba4q3t<8q?f>@f-m6z{iuQkJ z`_AMulx}ToW4fEgtI3M$`^L z$6W}c8wnh$Uy9S2y|oOZGX$#D<5f(;0C+(^PI@Wc3`fMnQN-B4`K9zj6p~|j{1nkVVLg!O!S6Q@^!B3gnvOj z+m6`~5oq|((Cj+Z6*FXQZORJlgL4-}0o8$*- z@^Aa-im?zdb@Dhs7*V*%c%uM;D8j=w4Nl6MIFWaX(_o!$pPmKi^ydRK;B1U;M#LXk zj8#JZ1`G6p@dUN^GO5GW)(HHrq1jdIG9n~UyX$!nVlqB4QTD9;=eqFe&wmGn<_pOU zKFi(ulr;0!ZD_Rqw=R{?RZme!4;WS4B6jr;@TKyO&9*k7!@}p;9BJ-=iHmwo z2b4;+?2NO7Mbp+Xp=2D7ks!b6HX8=gXtI&l(KO)72~)$J6NTJ>H_5P;_H*)ES%}NO z&*J=|G&H4=2(b`JL_b>+6@LrW_5P$vs@m!Kw=G#dsb{w+IFhB)s9ZAba9dOg_ zQEOM$MW-eVMU_h}M_4L-Mh0mldZ0@xF~q)%aTrchqIRH#33;g^S4@sdEa)|-n}5j= zP!aQN4?us9IiQFUGZC;vfc+6-as<4K{%U#o>Ero@Qa^@Q2-G^1aeo8b#lw=?A;Px5 zUec~uOamvE^vj(rxqz^&}ZXQT<7L4KxwMmNGiESdrQ^A)^72)93YGi~W z&LZHF6nCd`Zen52s?fIQs`++pYu1BCy;{El0^4Io8ED7As$o486mig6C8jxg_OKNC zNx3P64p??dVMt`+9{X%Ojwz8-gApWGv1D9q1u%hdOOT<5xj!Njd>M1tQogNbooW}k zI}VwO?8g4b3$1U?fz%xqI|Z6 zvvIdV6rl?(bOb^z=wv*OrN)BcflM_fqus0>6&m$T(QoVAZ&%?`D{H^aHN50pJBcE6 z>Y`NZVOxhaTZz&#AD<7UV+5~)DYE3fpn`c0SlB2U82Wx zqh~m%A%A)WdgG$JnoQ57Bnua%!5zyum*Aj!;c*wQQ2@zPyG&^zD7D|#2nw!gPr;bC zUzK56UDLT5m-z?PfvX!LyR@vKYsO6v8>8XWjvX$!0!rY1%v4*h@*1*B4yJi&daCl0 zQTQ-$L3Ma~BI%b-?ac4|I^)Y)QK)=bvp}1nd4HcfmWW!?NOhs_DC+3US?fy|8C|3D z9IjkyB!q!Pl!R&$6B|l0YdB*-&CX(Rm77UnEZh@*9}UR_Xo70c)sOH5&^QhyiNcJs zVYpa<+d43seH8)EVIsOF#8T3Gslqbz+BGe3vEI!R2@~hY%%fVO8pUi5#JZS_CAvv^ z4}S~6e4`oXTE>ijed@vg?wR|r<^dVM@99CJ`XHM%9*EaMNF#+y%NH95OXzX zuf0H2kLncwMPtmbD?XHAJ89>pSu|#2q&Xg75^Bmrpr8XiN=Yh5v5WMn8V615V_V>y zK4N1J<;qlHmE0)Qq>56tP{J4*=gHxmR(~{>SuQuYr=~#8uQ%R$%(=1^%DLp@G+=@q z>qGM#Fsl3mwHk09y=%UfVnS$)1lMfe1F13BZ5S}m+ zpoj@U)N(<9A9DkH6)}iSoUo??sIU}Cv zQoFh6Sxtbk99Trh6a`a?$HYgX9Dh@;wgvfEz-CU1r&eu1LVa33tutk&a{e#>q~PdI zQpG3LxK0|Mkuj%s(W^~er)Z-(4w}QW(*xw=Fzll5wV`xI_8MBTET5{J=Jh=hGT~G- zvYMzKnC7CelF%4XC3vf42@@@e#vjU! 
zMlm196&9cqOlWN|jr8d0j(>43J(RqdV1;w;844iAwC!d1@JeA|st9 zsM2Aw+5DJcy}=^iZSJ7LY~3-F>xR%nhJ2WzVX}fb7pw&k!_|cjXokyp)|<+PsnEuF z=1h=g_mgCwVgW9z($;o1TgnCpqsarPVbd_>)Lbo0=S)NCvIuh1ICM9p#%B>GIaKF@ z$Ix-uStn6625g}qs(*omf+%lUG+EUu8YkZsDe9pr*o~8=B=sqo@_Kd#pu;Wq#vr9) zpA1wU;L$h}T>j)TZlo45r_TeZqgwXqYAQjr_aSrhz(IB~A2OW>4vI6GoH+~J4p5x~ zsWYb;sW5xywFBuAc|8hNUUGXX8lZ9VL4!2J80&%2aVIk~%76Hs601bdlAKGM&eYuZ zMvtaZsAPt^6w|Ebwr)Vvyo|7vz-b@-zZaK(`rUi^pD$kg()0fE>z`g+cJ)90OPcL7-c=5}RKfSv+J^Gcr{QVaikFU*NzrXkej(%-PPk~SN_mcf**(PNJpJ+=a@*ndipVGm;^X0xz_kysYd^~CX8t3Ye5 zOcs|!Vl6L;OQWn-gsEB6I1pB{$6BDr~A@Bj~2f5A#3GLX#YV1U}Z=d&!EVE?SZ- zIpm15cvythx}u<2*g1d@WOBzck-|o1TnGeR&;du$ZwRC2+OJ}JU9TMNe!PjcY=5O2 zIT7Y~tOmwf2keM^lPqz$joRyovJ@sDNN6?8 zpX|dq2t%GU=71=p*$oWABS2o1Y}`7*m%~pk&ccSVC>B(!@RnM}6>2Q%oP~5viEO>* zLFdN5Oh-TqYv&BqdcLDatfLhUbjl7|S}0lDIK$S7HZ?&5fuhk=5Fdwi2Y(r@4}W`V z-mW2%-IS?Tm6xihWo35dC54?lZg2z8cwF8jW{qR;B_7x2>@y zbdQZN4MMFpDkmv+biBJF4d-3h}TGqQO55K!&bof1NujIl=wSOBdrp&A@ z7Rz$|9!vJG8CxqUPfKpDe0Av&N@wJKHjb24Eo^pYY*VB+;~UtT?N`}7ht#vlWbmYoF`-gt%|2%04gl06*qg#zm3GVyaka2b*?-d*%4y?BIcTmV zIOgJYMd7k}yP-t@%|UWSAvFi(_CdDq8BgHDI%Setgc76k9dy%pLlv}(W68!?S~4z# z@xl3V14#)S2@-&h^SI-pSKP4`nn@be-`M0cZuWBm$EkG_gHsK6;*rIsPBh^XFAefd z&K~DGps-glk5nZ_vVT5}Lp9!s>SCU#F7An%A?vRACu$!9ZCrRb+C0A^v8SkPZY>AN zG{pnXv6t?|W%7sKfjkZ4A)(5teDTsC!w1e((Rw-t_B49^_%!tE!U;l>6J3Qc!3)N- zmFY_d!!^?wF-_s)|NYmH`Pcvc*Z;Im$X!H( zSmkJ#doB#exw9?B5q42b$GjvAm?9iTBW!b6%%j#9%lI-Yqf1>jSx2L4^UI=>G&iQv zz^NG^bhuepwW9`mGBxqh^(o+F|64m}0T~QHXVeg&(|_d|m)uwu>>?>*f3%rD+Z#zx$K?zhQ?el!(isd&`pX#(b2$nN1jx$ydd?&8yR*`L<{u--V`IZ@ zFQ%9$C!yyS`C?CkyH;f+ARK(NtC3H1cm*blg!3HVe6H@MVL~U$Y8QX3_xiMS2R0#1 zj@=QCB7bP_oj52j>aWxV+mfdsfBUD$Wtf{CO6O{ErsdWx)ltydbw58In96vT%aVW@ ziZphI2o(}=(BLLf1XL0Z>F65WWg=L)bOc!At+WuK|9$@9Wa}NPA!)`7>ofrR$Q_J< z%1y05OhzM}Iq+P)>5efa0}!%n>i{l(+4;539e+^53%7V2g|L}y#HB7+GKYvT-H}q% z3eT~ivORzzmLv_o(alxnQTd73M({#%4Sm$n0q~5?&r15gxGwxq&kK_!u%ilf40CCC 
zG;c^UCQa~wli?8DcRwJzOw#$CUMiJNlts>wpf*`gYN9Jl|FZLIEyu7|{KVoD{xRWqTn&iQeJ0^ovulA&STxxq@kf{r(|m)2SjHR{OVLn`6eo`(Vq8`n z4;FK6**MxRPvP_YPFrK+nsR@#3GfMln}4kv#;*w-dP+1sn<{Bb+n=px`acV|MH{fT z4Juf>yKI%JM{F(BsAOxQy&Zdgp1_n!-34^)SoWYgE46}eLo%_-j9ICWTClQyX37);#Y$bLoTEks!RLlRo!yO)_=|e zT?t(8{C(s1gC3k8=L7jJb}OO%^&O#eo9n53eZB0}ZfZWn!^`uoiUF*a6?(|-l-YfS(2NAbs#|FT_IoPUOA zTBubJ<&JOvJ&?<}PM_2AWPi`n=Xh3dYG);9bmlmb)9A-N;R85JAGcZlaLpq>O0&9y zGf(%J%u)wpmO1+JbslnA@;J+5zPWbMa}29KwXpOVg{N{N;U3N(EPvWym1hft za|7#B0_9TzOPvQ;3G#nAjQ_G|{-tsID?#WlgT-G4b-xV0evPD`yMJ+OB>fsmzsAh3 zG4pH8{Nua-dv=KIo4o_PxT&}dYJF*p`m%`huM~g&)zi-Ed+{*1am8_Zr#D0FcB%a@IOG*TBmgAlNQZWedcrGG+v1)-huIErSIMMzC< zLj5of0CiHy>>5fP)J4A|N@$?gpS$WCRbHEJ2VL`#DW$)Z?C*FSqTf-Of>I|lh~@6E zF}xNowP{&F0)^ucg~Z3Au1AvhrX~R)_%d1UjIn<%%zrhCf6f?bEhK3bgS6xg!LcGrPY3p7wESTi--m9^I~Qtpqt6SpXU&=hz0v)In#`nWNmgWs06$mF(FStscR z{Rs;RJXc;-=5ZE6@wTb0u`ZZ;FF8?ZU)h2A`!vK9T2z_rB1EcuW6cpKj1xJ{kSf+; z^?Y+jljn1yfs2hDEm;V>EQ7fpTgqUgIvwbn!lpSHx4+CG;FXRhV?2b@I1JCh=OA<3 zm){g>sek*rSb0S+m>;s8<-CV&%&2m&GPoSyug^w1>>nPU9i5-Qbbk~K0SCZ6tz`(KvrA-`-M+2!gd9X9 z83T*u+wGlRPdMJgt>oAHHwr`6TDlM$Eg@+^J{WB78U-z0yT*X|-x7$5ep#fkS zbMS_0W$^X~Mj1c-`3(FJld;)+t1tj`QXT<&lFIaO8SJHox{uVVL;YV@F#ozNLu&q6 z^nX2?B_2^)wkR1Bo5wk(vLYd4^{Y7+rg$iEXt-B=f%F2B4?W~BVEpWrbw|N@vjt1+ z=A54Gojk*NZIMqA)u=7ft;Dov&a+Qfr8efMq~H3pxfRLXbJ0$T-?4cS=VZX-)VpEV@5pp z%&pR%kzJ3_Sb(QD0^jPe<@3r1IV&uxZ;STu416{LZeX)Vw-MGC;(m`w7<15u@%h6V z#$;?4F^cy*r7f#7r*lXqKtTxQLtjCg8J&D_syurPd^-=T)39KW00KqB2@sruKs^D z6VR5nGoxm`=`%VY!y3l30&W6kqe@9so`5|cX+y!TWq!zFjkFz*p(k_{$14-baiNPJ z=+Y+Sb22yO%tvWSz9A@J@`QM?0Pf)-Q0Zv9Df3YP-&ZBvgfa@AhzA35>wh2=CnU~w z2{$1ehU~_JaU`dO9;j)sE`Fp+A7o80QPxn1vWTZKG$m4X@#&(}IT!A>NaEP_>@aW{?c>n#U?~mUfxmE(-bLKctZ>HW)IQkK$&V!PU z&0B4D4mjwYE*ySOLO4jsRC`Z7*D&pCA#l87kvW{0ODj}vW8ToX7k@c1CAa;pt$G); zIzg?<(nl9gIlG;rPNzCE4Ff-1T%4YNIz9XFfBx>Szp4szbW22Q1gMe2HVn?s-#qLU zvPv?g}etQ4m-KY0QKOensTdNkGckKM|$M>0+F_)X0`8@X;s4agC($AfC*>V!n zta^U=UZAS>)4P=2fPVw&DwGibzmSw(#2)BHwreWoPgAX*EHq103LNB^5 
z_e;5g=$dT#*poaKa!c*zXM1mr|GSUJ^SlD&uaZS^!yp6?&W~+^)VX3SAcrxC>p^SI9AqRAl`8nM-HFLZbx(rB`i3P zT?0L{IRcYva2ybzzA}gr>2GcAtKQo`yijG2ZcPS(wQ_&z&s_Rn1JG^=4cLwFlnW7Y z=7SJ3EJCyX-`?$Q_e%Qz^_$-7wf?`4$GWGO1{qY=3}SE>D834z`g<(k2jxDRu|G)R zZA#ZzI5~zfqvx;ynmnl_5GN}Hle?&{085^bT^>lDP+BR9+@ya!mmEtN+GM55R1rG- zs9z=C{}|tXq=}Gb^97lk6x$f7*B9ogM5ahVmzPRqg&;34Bc1hETwc~LrY|p%_dVl&%1G0}0zJ9S z_a28K5t8FpkVo~QSz(_gpRHExW>!#@1=lAFf8sIjqV}>N)`^o^OF74-EL}Aqk0Qcy z7GlFnR$7ZjO-5Lb-u~gm;o0%eM`xeTj^2Gb|8Vf*r_=q5A6ztyP&!GRzW?~{_(YR9 zJU(-M+!lY_dPmUVquEBP*^x}3`uS6XSF^VdIl9En%@Py1k%MB7E>ia=J5bZhOJ@x~ ze}4Sy(WjFShew}I_J5jVV_E0JsM%4@a-nMHQO}m#ok^&bVs=fjI%VCwx0DD*wz1@( z{j@P^kJLQZX~mS15#pA*umE_|Yt)rN-4rzvy#2$A;&iFgu~ooRUO7DwhE4a#U7*+M z2|qd9nr>P=wH^IKCt2QfVA3qSszVb@M!wnTO;N3>5d{bN5M^`vHs-Q zeQbjq^z}x9b2njCN6Y73W6pO3e7!mOaGR5lW^Yl?i*l0A!ph?;N8Jck+oP>;TfR}e zX8*x(v(>mW>-b=S9&l0_vjE<@e@T^$QO%*$z2-xyuX=7FxLYOkm^M|P#FppmL?4L^ zHD>zgI6JvKH7l-5Ej@?llYCx~a`<*s4s znd^7Worp;aaX0hF`dd@ck1*ZWAO4NVQIe(HUGefeymKa5nYHY3u72C(e=Ny~Ao(}zJ5Y!kqErX z;O59&UUn~4q08K7Bm^6KE`3?8LX58#szZHO`s5jsBM_jKmq3_9dXbji$qCSaaedbv zmgI_rMCvO%Vfvh#ixf-5fAk&i_8K?6=`q5|)m-YQE07pX?8VdecD94_W2D(@-LHzu z5}jN9ys?Mpug!FG`McHOQw+V@%r7%Uu_?t#Yq@MIlXF&963~?i=ZXY#9-&;On~SvO zlFo%X++ANou%fA!R=B?ml3#Qni%EkjEV+%w;@r$txzoTb-4hKVf4nB{D*2RV*s&%) zD@Lu{6W<^pZf^Y7+}VF-;=g*Yd*%EO+p72)|8);fX$QvSCbP(|RUo-+va^-qxT-W) zfZ{Slm&b4!I^Q6I%QY$whu?B@v-r(}<(=J zcli_mi(t;ow@cn8e`t8R8$6iR40nYF%UFMmSg@MjSScRxi6hP0WVv1A%pU0#DCGhz zZZw%|*X8c68EKB^m}$I5f;|l+SlvaKm14``pAunhSbRJJ@Ry_TqXB-++K_xbC-7^b zYsVG=dR6?tEK;;(BSl-ak)p-!K3gr+YJoeI7QsbrErg0He{174CTbQJYfMyb926FSCml zcm^J$VWuq3;zAtMOq8WND#h?D##Zf`znQV6E*)!_?lWpF&;2^EP=ii*@;9D6C74hP z{7-UKl9%)G=K=xExc}?*tL@7DUvKu-_@8@uN+J04e_E_0`IDD{fFKIlbPRL>6i`Yw z`Nu&fN~-XRfI+RQSpin4sh;H#L`~FJiYwv}g~Z3Absr`ln5ySS2(=uZWk5q3Nu6H# zhBA$XZWw(o(G{RE=GPD)EVM_Lf~6^6ghVTV*m=x{&_})OmjYzWtR>x$u;mb0tw(P;{4f?0c!nIR^jFStSP|f-f2oQ*!pio&3pVwYqlxC5S&dtH^><+w zb^j{%_vWvwKkwIb?*!gAPp$V1cN`lDA>aVGr)Mu=v@Q#HsaR=$%;j5kTE{M$T?G4O 
z?LKpJK(JMB7NdkuX*qW9&y4jSzrwy(JOncTDsa~QpF6!*rS;!#Z+mCG{=1K-WaZR& ze|LTDa^{wP2gbsmu@DMtKV2Hfa>O|KP22C>z0r*eLj9!;H+pa@fm0lM5oZ&kNCWpc z)6VxY_eb+MG!at|;fUxxYtcu)bUMFol$6{rohZF@*+yDzp$YISU0?{Zvxzz(5&FM3 zYPqBSVLD6wD}WFr=wJ1sLyAN2ZZJ)ysIwlV${)2 zr6B1>J9`S!kV!})7oO*BRF%?S2@MDx-i2L1`stDH=Gf6fc* zH%+$c=@-{{er0XfCWfXotKC+vs`q7dbs{7Uoxf2tf_G|G%)R_ykxi-B?kiVP8v4;z zw-P#Fi>t$y%E^q@cpgi#68ll9eM?9z<5e>8ttrlQ;;pr2jVgMqDl_pAI8ZEolrWI|PpOb5aTCb>D>(u*I zsT>6P?dx+w=T)mq#5I4w_<=75}7vA{rPjU5&Fsxc|9w2H;-6AvHqwb%aaSn2(i4O4h;l`wh0QzQUDm-7d^T z>zLr3dU!6a_NY9%`lA9XfA#MgwEM$_!(2=m>~sp9zC#Q2fFa>~7x_}Ju4h1#u-)4N zXNLc8`w5$VS`Z07EB@1avs3c__qKO>YybZ~p7QzMQeZiA_DdOOoKvm&3~+PIdj8YD ziyY&fCxv^v^zDUneNCSk@*W9_7p63EF^gjf6u05nl$%*~o}44yX2JTX%@cf<(f@6C z0%q#}y>k42cW>|2TL0h2^I-Zv3nQ;J|622}p9gy8*Z=eH1kBL?z1>%3{r~#SoAvq6 qdwJ%G|KFc+s9TTUkEvMex%IPt*3Y-_{Qm#|0RR7?!=%vw-~j-O)=)wK diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml index 35f3a13bf1..a69383bf11 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml @@ -104,6 +104,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -126,6 +130,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" 
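Review bot: The first container of this controller template gets no `securityContext` from this commit: the four hunks here cover csi-snapshotter, csi-resizer, liveness-probe and azurefile, while deploy/csi-azurefile-controller.yaml receives five blocks (20 added lines against 16 in the diffstat), the extra one on the container that precedes csi-snapshotter, presumably csi-provisioner. Unless that container already carries a drop list outside the visible hunks, the chart and the static manifest now disagree, and an admission policy that requires dropped capabilities would still flag the chart-rendered Deployment. I would add the same block after the provisioner's `resources:` line: `securityContext:`, `capabilities:`, `drop: [ALL]`.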
@@ -146,6 +154,10 @@ spec:
 - name: socket-dir
 mountPath: /csi
 resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 {{- if hasPrefix "/" .Values.image.azurefile.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -219,6 +231,10 @@ spec:
 readOnly: true
 {{- end }}
 resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 volumes:
 - name: socket-dir
 emptyDir: {}
diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml
index 644eef5cec..4d9bb739da 100644
--- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml
+++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows-hostprocess.yaml
@@ -76,6 +76,10 @@ spec:
 - "powershell.exe"
 - "-c"
 - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\ -Force"
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 containers:
 - name: node-driver-registrar
 {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
@@ -103,6 +107,10 @@ spec:
 fieldPath: spec.nodeName
 imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
 resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 {{- if hasPrefix "/" .Values.image.azurefile.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}-windows-hp"
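Review bot: `capabilities` is a Linux-only securityContext field, so the `drop: ALL` blocks added to the HostProcess init container, node-driver-registrar and azurefile in this template do not restrict anything on a Windows node; the same holds for the hunks in csi-azurefile-node-windows.yaml and for both Windows manifests under deploy/. Kubernetes also rejects `securityContext.capabilities` on a pod whose `spec.os.name` is `windows`, so if these DaemonSets set that field now or later (not visible in the hunks), pod creation would fail. I would either leave the Windows containers without the block or mark it with a comment such as `# Linux-only field; has no effect on Windows containers`.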
@@ -149,4 +157,8 @@ spec:
 fieldPath: spec.nodeName
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 resources: {{- toYaml .Values.windows.resources.azurefile | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 {{- end -}}
diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml
index f171603d73..8e0a5c5499 100644
--- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml
+++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml
@@ -80,6 +80,10 @@ spec:
 value: unix://C:\\csi\\csi.sock
 imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
 resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: node-driver-registrar
 {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -118,6 +122,10 @@ spec:
 - name: registration-dir
 mountPath: C:\registration
 resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 {{- if hasPrefix "/" .Values.image.azurefile.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -193,6 +201,10 @@ spec:
 - name: csi-proxy-smb-pipe-v1beta1
 mountPath: \\.\pipe\csi-proxy-smb-v1beta1
 resources: {{- toYaml .Values.windows.resources.azurefile | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 volumes:
 - name: csi-proxy-fs-pipe-v1
 hostPath:
diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml
index 3dfbbd56c4..cc293e7c9c 100644
--- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml
+++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-node.yaml
@@ -82,6 +82,10 @@ spec:
 - --v=2
 imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
 resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: node-driver-registrar
 {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -114,6 +118,10 @@ spec:
 - name: registration-dir
 mountPath: /registration
 resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 {{- if hasPrefix "/" .Values.image.azurefile.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -172,6 +180,9 @@ spec:
 imagePullPolicy: {{ .Values.image.azurefile.pullPolicy }}
 securityContext:
 privileged: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
index d84398364d..d9e8e6f248 100644
--- a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
+++ b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
@@ -71,4 +71,8 @@ spec:
 - "--leader-election-namespace={{ .Release.Namespace }}"
 resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }}
 imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 {{- end -}}
diff --git a/deploy/csi-azurefile-controller.yaml b/deploy/csi-azurefile-controller.yaml
index ddb17f9179..0ec35504b3 100644
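Review bot: In the `@@ -172` hunk of csi-azurefile-node.yaml the drop list is added under a `securityContext` that also sets `privileged: true`, and the same pairing appears in deploy/csi-azurefile-node.yaml (`@@ -117`). A privileged container is normally started with the full capability set, and common runtimes do not apply the add/drop list in that mode, so this block probably changes nothing about what the node plugin can do while making the manifest read as if it were restricted. I would state that next to it, e.g. `# NOTE: with privileged: true the runtime may ignore this drop list`, so that nobody auditing the DaemonSet counts it as a reduction. A real reduction would need `privileged: false` with an explicit `add:` list, which is a larger change than this hunk; the container definition starts and ends outside it.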
--- a/deploy/csi-azurefile-controller.yaml
+++ b/deploy/csi-azurefile-controller.yaml
@@ -54,6 +54,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: csi-snapshotter
 image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.3.1
 args:
@@ -73,6 +77,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: csi-resizer
 image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0
 args:
@@ -95,6 +103,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0
 args:
@@ -111,6 +123,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
 imagePullPolicy: IfNotPresent
@@ -152,6 +168,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 volumes:
 - name: socket-dir
 emptyDir: {}
diff --git a/deploy/csi-azurefile-node-windows-hostprocess.yaml b/deploy/csi-azurefile-node-windows-hostprocess.yaml
index 94472f70b4..9716e4b625 100644
--- a/deploy/csi-azurefile-node-windows-hostprocess.yaml
+++ b/deploy/csi-azurefile-node-windows-hostprocess.yaml
@@ -49,6 +49,10 @@ spec:
 - "powershell.exe"
 - "-c"
 - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\file.csi.azure.com\\ -Force"
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 containers:
 - name: node-driver-registrar
 image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
@@ -77,6 +81,10 @@ spec:
 requests:
 cpu: 30m
 memory: 40Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5-windows-hp
 imagePullPolicy: IfNotPresent
@@ -108,3 +116,7 @@ spec:
 requests:
 cpu: 10m
 memory: 40Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
diff --git a/deploy/csi-azurefile-node-windows.yaml b/deploy/csi-azurefile-node-windows.yaml
index acdd973be3..ead981e7a1 100644
--- a/deploy/csi-azurefile-node-windows.yaml
+++ b/deploy/csi-azurefile-node-windows.yaml
@@ -57,6 +57,10 @@ spec:
 requests:
 cpu: 10m
 memory: 40Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: node-driver-registrar
 image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
 args:
@@ -93,6 +97,10 @@ spec:
 requests:
 cpu: 30m
 memory: 40Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
 imagePullPolicy: IfNotPresent
@@ -150,6 +158,10 @@ spec:
 requests:
 cpu: 10m
 memory: 40Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 volumes:
 - name: csi-proxy-fs-pipe-v1
 hostPath:
diff --git a/deploy/csi-azurefile-node.yaml b/deploy/csi-azurefile-node.yaml
index 294ec3c79b..1e58c8d7e6 100644
--- a/deploy/csi-azurefile-node.yaml
+++ b/deploy/csi-azurefile-node.yaml
@@ -54,6 +54,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: node-driver-registrar
 image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
 args:
@@ -84,6 +88,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: azurefile
 image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
 imagePullPolicy: IfNotPresent
@@ -117,6 +125,9 @@ spec:
 fieldPath: spec.nodeName
 securityContext:
 privileged: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/deploy/csi-snapshot-controller.yaml b/deploy/csi-snapshot-controller.yaml
index 39d916a5a7..023a25a127 100644
--- a/deploy/csi-snapshot-controller.yaml
+++ b/deploy/csi-snapshot-controller.yaml
@@ -53,3 +53,7 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL