From 9b0637c6663e0f438202c343340eeaf8f8d00fa7 Mon Sep 17 00:00:00 2001 From: sysdig Date: Wed, 13 Nov 2024 09:38:42 +0000 Subject: [PATCH] * Sysdig - remediate payment for control "Container allowing privileged sub processes" --- sock-shop/payment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sock-shop/payment.yaml b/sock-shop/payment.yaml index bbd4198..08661c2 100644 --- a/sock-shop/payment.yaml +++ b/sock-shop/payment.yaml @@ -36,6 +36,7 @@ spec: add: - NET_BIND_SERVICE readOnlyRootFilesystem: true + allowPrivilegeEscalation: false livenessProbe: httpGet: path: /health @@ -48,6 +49,7 @@ spec: port: 80 initialDelaySeconds: 180 periodSeconds: 3 + --- apiVersion: v1 # Service - payment kind: Service
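Review bot: The added `allowPrivilegeEscalation: false` in the first hunk sets `no_new_privs` on the container process, and under that flag the kernel no longer grants file capabilities on exec. The context lines show `NET_BIND_SERVICE` being added and, in the second hunk, the probes targeting `port: 80`. If the container runs as a non-root user and the image relies on a setcap'd binary to bind that port (neither is visible here, as the `securityContext` block starts above the hunk), the bind may fail and the pod would never pass its probes. Confirm on a test cluster that the pod becomes Ready with this setting, and record the dependency next to the new line, e.g. `# no_new_privs: file caps on the binary are ignored; port 80 bind verified as non-root`. It is also worth checking that the `capabilities` block above the hunk carries a `drop` list, since only the `add` entry is visible.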