From 50f3a63cc09b99c7b9e33d9074fdafb739c4ab64 Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Thu, 7 Nov 2024 05:09:06 +0000
Subject: [PATCH] * Sysdig - remediate catalogue-db for control "Container with
 writable root file system"

---
 sock-shop/catalogue-db.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sock-shop/catalogue-db.yaml b/sock-shop/catalogue-db.yaml
index 727e46c..d2a319e 100644
--- a/sock-shop/catalogue-db.yaml
+++ b/sock-shop/catalogue-db.yaml
@@ -35,6 +35,8 @@ spec:
           containerPort: 3306
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+
 ---
 apiVersion: v1 # Service - catalogue-db
 kind: Service