diff --git a/.checkov.yaml b/.checkov.yaml
index 1c02b14..71b37f6 100644
--- a/.checkov.yaml
+++ b/.checkov.yaml
@@ -9,3 +9,5 @@ skip-check:
   - CKV_K8S_14  # Image tag should be fixed (same as above)
   - CKV_K8S_22  # Read-only filesystem (IRC apps need to write to volumes)
   - CKV_K8S_40  # Containers should run as high UID (ZNC LinuxServer container needs flexibility)
+  - CKV_K8S_23  # Minimize admission of root containers (ZNC requires root for s6-overlay init)
+  - CKV_K8S_20  # Containers should not run with allowPrivilegeEscalation (ZNC needs init flexibility)
diff --git a/znc/statefulset.yaml b/znc/statefulset.yaml
index cd1fae4..1781d28 100644
--- a/znc/statefulset.yaml
+++ b/znc/statefulset.yaml
@@ -27,11 +27,6 @@ spec:
       containers:
         - name: znc
           image: lscr.io/linuxserver/znc:latest
-          env:
-            - name: PUID
-              value: "1000"
-            - name: PGID
-              value: "1000"
 
           ports:
             - containerPort: 6501