diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
index 8cc8bc0..133ab6b 100644
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -248,8 +248,9 @@ func (m *podMutator) injectProxyInitContainer(containers []corev1.Container, pro
 Add: []corev1.Capability{"NET_ADMIN"},
 Drop: []corev1.Capability{"ALL"},
 },
- Privileged: pointer.BoolPtr(true),
- RunAsUser: pointer.Int64Ptr(0),
+ Privileged: pointer.BoolPtr(true),
+ RunAsNonRoot: pointer.BoolPtr(false),
+ RunAsUser: pointer.Int64Ptr(0),
 },
 Env: []corev1.EnvVar{{
 Name: ProxyPortEnvVar,
diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go
index 31a1822..79c8426 100644
--- a/pkg/webhook/webhook_test.go
+++ b/pkg/webhook/webhook_test.go
@@ -1251,8 +1251,9 @@ func TestInjectProxyInitContainer(t *testing.T) {
 Add: []corev1.Capability{"NET_ADMIN"},
 Drop: []corev1.Capability{"ALL"},
 },
- Privileged: pointer.BoolPtr(true),
- RunAsUser: pointer.Int64Ptr(0),
+ Privileged: pointer.BoolPtr(true),
+ RunAsNonRoot: pointer.BoolPtr(false),
+ RunAsUser: pointer.Int64Ptr(0),
 },
 Env: []corev1.EnvVar{{
 Name: ProxyPortEnvVar,
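Review bot: The new `RunAsNonRoot: pointer.BoolPtr(false)` in the init container's SecurityContext (pkg/webhook/webhook.go hunk) carries no comment explaining why it is set, and its effect is security-relevant: a container-level value takes precedence over a pod-level `runAsNonRoot: true`, so the injected container runs as UID 0 even in pods that asked for non-root. I would add a comment above the field such as `// Explicit false overrides a pod-level runAsNonRoot=true; this init container must run as root.` (the stated reason is inferred from `RunAsUser: 0` and the NET_ADMIN capability, so confirm it). Separately, `Privileged` stays true on the line above, and a privileged container is normally granted every capability by the runtime, which makes the `Drop: ALL` / `Add: NET_ADMIN` pair in the context lines ineffective; if NET_ADMIN is all the container needs, removing `Privileged` is worth testing. Namespaces that enforce the baseline or restricted Pod Security Standards will reject this container as written, which deserves a line in the project docs. The body of injectProxyInitContainer starts and ends outside the hunk.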