From f1e34a385a7790c383f4e439686e06414de79b13 Mon Sep 17 00:00:00 2001
From: sysdig
Date: Tue, 7 Nov 2023 22:57:59 +0000
Subject: [PATCH] * Sysdig - remediate orders-db for control "Container allowing privileged sub processes"
---
 sock-shop/orders-db.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sock-shop/orders-db.yaml b/sock-shop/orders-db.yaml
index 44b320c..480d0cf 100644
--- a/sock-shop/orders-db.yaml
+++ b/sock-shop/orders-db.yaml
@@ -37,6 +37,7 @@ spec:
 - SETGID
 - SETUID
 readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
@@ -44,6 +45,7 @@ spec:
 - name: tmp-volume
 emptyDir:
 medium: Memory
+
 ---
 apiVersion: v1 # Service - orders-db
 kind: Service
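Review bot: The added `allowPrivilegeEscalation: false` sits between `readOnlyRootFilesystem: true` (a securityContext field) and `volumeMounts:` (a container field), and since indentation is lost in this hunk it cannot be confirmed that it is indented to the securityContext level; one level too shallow and it becomes an unknown container field that the API server rejects or prunes, so the rendered manifest should be checked with `kubectl apply --dry-run=server`. The setting applies the no_new_privs flag, which stops setuid and file-capability binaries from granting the process extra privilege, but the `- SETGID` / `- SETUID` context lines just above appear to be a capabilities list whose parent key (`add` or `drop`) starts outside the hunk; if they are under `add`, the container process can still change uid/gid through those capabilities, which this commit does not address and which may or may not be in scope of the named control. A short trailing comment would document the intent for the next reader: `allowPrivilegeEscalation: false  # no_new_privs; remediates "Container allowing privileged sub processes"`. The enclosing `securityContext` block begins before the hunk.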