diff --git a/docker-compose.yml b/docker-compose.yml
index da2b6df..6fd5e66 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,10 @@ services:
       - postgres
     networks:
       - matrix
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
 
   postgres:
     image: docker.io/postgres:alpine
@@ -49,6 +53,14 @@ services:
       - ./element-config.json:/app/config.json:Z
     networks:
       - matrix
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
 
   swag:
     image: ghcr.io/linuxserver/swag
@@ -83,6 +95,10 @@ services:
       - synapse
     networks:
       - matrix
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
 
   mjolnir:
     image: matrixdotorg/mjolnir:latest
@@ -94,6 +110,10 @@ services:
       - pantalaimon
     networks:
       - matrix
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
 
 networks:
   matrix: