From 001723dc701dd889a77f7bc8c335cd96f2f81cee Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Tue, 29 Oct 2024 06:15:09 +0000
Subject: [PATCH] * Sysdig - remediate catalogue-db for control "Container with
 writable root file system"

---
 sock-shop/catalogue-db.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sock-shop/catalogue-db.yaml b/sock-shop/catalogue-db.yaml
index 727e46c..d2a319e 100644
--- a/sock-shop/catalogue-db.yaml
+++ b/sock-shop/catalogue-db.yaml
@@ -35,6 +35,8 @@ spec:
           containerPort: 3306
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+
 ---
 apiVersion: v1 # Service - catalogue-db
 kind: Service