From db21ab65144d6a696961d46a2500ed51b5c8f4ae Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Tue, 15 Oct 2024 07:11:17 +0000
Subject: [PATCH] * Sysdig - remediate catalogue-db for control "Container with
 writable root file system"

---
 sock-shop/catalogue-db.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sock-shop/catalogue-db.yaml b/sock-shop/catalogue-db.yaml
index 727e46c..d2a319e 100644
--- a/sock-shop/catalogue-db.yaml
+++ b/sock-shop/catalogue-db.yaml
@@ -35,6 +35,8 @@ spec:
           containerPort: 3306
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+
 ---
 apiVersion: v1 # Service - catalogue-db
 kind: Service