From bc4de91da29226c3af2fe849b5a1fa62872b8197 Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Mon, 25 Nov 2024 03:44:39 +0000
Subject: [PATCH] * Sysdig - remediate queue-master for control "Container with
 writable root file system"

---
 sock-shop/queue-master.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sock-shop/queue-master.yaml b/sock-shop/queue-master.yaml
index 87a8385..bf19a7f 100644
--- a/sock-shop/queue-master.yaml
+++ b/sock-shop/queue-master.yaml
@@ -30,6 +30,9 @@ spec:
             memory: 300Mi
         ports:
         - containerPort: 80
+        securityContext:
+          readOnlyRootFilesystem: true
+
 ---
 apiVersion: v1 # Service - queue-master
 kind: Service