diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 1e5dd3610..40e3071e5 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -178,6 +178,7 @@ type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
 	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
+	BpfPrivileged      bool     `yaml:"bpfPrivileged" json:"bpfPrivileged" default:"false"`
 }
 
 type MetricsConfig struct {
diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index 5119e42ac..03edc03f1 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -37,8 +37,10 @@ spec:
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: check-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
           securityContext:
             privileged: true
+        {{- end }}
           volumeMounts:
           - mountPath: /sys
             name: sys
@@ -53,8 +55,10 @@ spec:
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: init-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
           securityContext:
             privileged: true
+        {{- end }}
           volumeMounts:
           - mountPath: /sys
             name: sys
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 236b85968..108daba66 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -126,6 +126,7 @@ tap:
     - SYS_PTRACE
     - SYS_RESOURCE
     - IPC_LOCK
+    bpfPrivileged: false
   globalFilter: ""
   enabledDissectors:
   - amqp