From 233b6cab61e7a16bc0522228262c8b25d740d9df Mon Sep 17 00:00:00 2001
From: sysdig
Date: Fri, 18 Aug 2023 03:25:31 +0000
Subject: [PATCH] * Sysdig - remediate sock-shop:orders-db "SecurityContext.AllowPrivilegeEscalation" for control "Container allowing privileged sub processes"
---
 sock-shop/orders-db.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sock-shop/orders-db.yaml b/sock-shop/orders-db.yaml
index 44b320c..480d0cf 100644
--- a/sock-shop/orders-db.yaml
+++ b/sock-shop/orders-db.yaml
@@ -37,6 +37,7 @@ spec:
 - SETGID
 - SETUID
 readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
@@ -44,6 +45,7 @@ spec:
 - name: tmp-volume
 emptyDir:
 medium: Memory
+
 ---
 apiVersion: v1 # Service - orders-db
 kind: Service
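Review bot: The new `allowPrivilegeEscalation: false` in the first hunk only stops a process from gaining privileges across exec (the no_new_privs flag). The `SETGID` and `SETUID` entries just above it are unchanged and look like the tail of a `capabilities.add` list that starts outside the hunk, so a process that starts as root can still switch uid and gid. The securityContext begins above the visible lines, so confirm there that `privileged` is not set and `SYS_ADMIN` is not added, because Kubernetes treats escalation as always allowed in those cases. Also check whether `runAsNonRoot: true` can be set for this image. A comment on the new line would record the intent, for example `# sets no_new_privs: setuid/file-capability binaries cannot raise privileges`.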