From fef620007c010b55449baeed3d16f4a8a7b7650f Mon Sep 17 00:00:00 2001
From: sysdig <info@sysdig.com>
Date: Mon, 8 Jul 2024 04:52:12 +0000
Subject: [PATCH] * Sysdig - remediate catalogue-db for control "Container with
 writable root file system"

---
 sock-shop/catalogue-db.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sock-shop/catalogue-db.yaml b/sock-shop/catalogue-db.yaml
index 727e46c..d2a319e 100644
--- a/sock-shop/catalogue-db.yaml
+++ b/sock-shop/catalogue-db.yaml
@@ -35,6 +35,8 @@ spec:
           containerPort: 3306
         securityContext:
           allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+
 ---
 apiVersion: v1 # Service - catalogue-db
 kind: Service