diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index f8be1e3d4..f57cca6b2 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -72,6 +72,14 @@ spec:
 {{- if not .Values.tap.noKernelModule }}
 # SYS_MODULE is required to install kernel modules
 - SYS_MODULE
+ {{- end }}
+ {{- if .Values.tap.serviceMesh }}
+ # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+ - SYS_ADMIN
+ # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+ - SYS_PTRACE
+ # DAC_OVERRIDE is required to read /proc/PID/environ
+ - DAC_OVERRIDE
 # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
 - CHECKPOINT_RESTORE
 {{- end }}
@@ -127,10 +135,10 @@ spec:
 - SYS_ADMIN
 # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
 - SYS_PTRACE
- # DAC_OVERRIDE is required to read /proc/PID/environ
- - DAC_OVERRIDE
 # SYS_RESOURCE is required to change rlimits for eBPF
 - SYS_RESOURCE
+ # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+ - CHECKPOINT_RESTORE
 drop:
 - ALL
 volumeMounts:
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index 0ca3a1eb6..595d6fd35 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -320,6 +320,12 @@ spec:
 - NET_ADMIN
 # SYS_MODULE is required to install kernel modules
 - SYS_MODULE
+ # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+ - SYS_ADMIN
+ # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+ - SYS_PTRACE
+ # DAC_OVERRIDE is required to read /proc/PID/environ
+ - DAC_OVERRIDE
 # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
 - CHECKPOINT_RESTORE
 drop:
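Review bot: The relocated `{{- end }}` in the first helm-chart hunk (-72) silently changes which flag gates CHECKPOINT_RESTORE: before the change it was granted alongside SYS_MODULE under `not .Values.tap.noKernelModule`, after it it is granted only when `.Values.tap.serviceMesh` is set, and nothing in the diff says whether that is intended. The same hunk grants SYS_ADMIN whenever serviceMesh is on even though its own comment says it is only needed to install eBPF programs on kernels below 5.8, where newer kernels expose the narrower CAP_BPF; a comment such as `# On kernels >= 5.8 CAP_BPF can replace SYS_ADMIN for eBPF loading; SYS_ADMIN is kept for older kernels` would let operators trim it deliberately. Since SYS_ADMIN, SYS_PTRACE and DAC_OVERRIDE together let this container read and enter the namespaces of arbitrary host processes (presumably the pod runs with host PID visibility, given the /proc/PID references — confirm), the `{{- if .Values.tap.serviceMesh }}` line deserves a comment stating that enabling serviceMesh widens the worker to near node-root, so the trade-off is visible in the template rather than only in the rendered manifest. The manifests/complete.yaml hunk at -320 adds the same three capabilities with no gating flag at all, so it is the widest rendering and the same comment belongs there.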
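Review bot: The comment added in the second helm-chart hunk (-127), `# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)`, understates the supported range: CAP_CHECKPOINT_RESTORE was introduced in kernel 5.9 itself, so `(kernel >= 5.9)` is the accurate bound, and the identical comment is added in the manifests/complete.yaml hunk at -370. This hunk also drops DAC_OVERRIDE from this container while the first hunk adds it to the other one; a one-line comment on why this container no longer needs to read /proc/PID/environ (for example `# /proc/PID/environ is now read by the sibling container, so DAC_OVERRIDE is not needed here`, if that is the reason) would stop the next reader from treating the removal as accidental. The `add:` list these lines belong to starts before the hunk, so the full capability set of the container is not visible here.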
@@ -370,10 +376,10 @@ spec:
 - SYS_ADMIN
 # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
 - SYS_PTRACE
- # DAC_OVERRIDE is required to read /proc/PID/environ
- - DAC_OVERRIDE
 # SYS_RESOURCE is required to change rlimits for eBPF
 - SYS_RESOURCE
+ # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+ - CHECKPOINT_RESTORE
 drop:
 - ALL
 volumeMounts: