From 9b7a7353181eb083e87de69e7585d94f6c4eba4f Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Mon, 16 Jan 2023 15:46:41 +0000
Subject: [PATCH] Lacework IaC Security fix

---
 kubernetes/statefulset/pvcpod.yaml | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/kubernetes/statefulset/pvcpod.yaml b/kubernetes/statefulset/pvcpod.yaml
index 326c003..6b3a434 100644
--- a/kubernetes/statefulset/pvcpod.yaml
+++ b/kubernetes/statefulset/pvcpod.yaml
@@ -1,15 +1,17 @@
 apiVersion: v1
 kind: Pod
 metadata:
- name: pvpod
+ name: pvpod
 spec:
- containers:
- - name: test-container
- image: k8s.gcr.io/test-webserver
- volumeMounts:
- - name: test-volume
- mountPath: /test-vmdk
- volumes:
- - name: test-volume
- persistentVolumeClaim:
- claimName: pvc0001
+ containers:
+ - name: test-container
+ image: k8s.gcr.io/test-webserver
+ volumeMounts:
+ - name: test-volume
+ mountPath: /test-vmdk
+ securityContext:
+ allowPrivilegeEscalation: false
+ volumes:
+ - name: test-volume
+ persistentVolumeClaim:
+ claimName: pvc0001
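Review bot: The added `securityContext` on `test-container` sets only `allowPrivilegeEscalation: false`, which stops a process from gaining privileges beyond its parent but still lets the container start as root with the runtime's default capability set and no seccomp profile declared. I would extend the same block with `runAsNonRoot: true`, a `capabilities.drop` of `ALL` and `seccompProfile.type: RuntimeDefault`, as sketched below (indentation to match the file). With `runAsNonRoot` the kubelet refuses to start a container whose image user is root, so confirm which user `k8s.gcr.io/test-webserver` runs as before merging; that image is also referenced without a tag or digest, so the content that was scanned and the content that gets deployed can differ. The commit also appears to re-indent every line of the manifest, which buries the two-line change; a separate whitespace-only commit would be easier to review.

```yaml
# … unchanged: container name, image, volumeMounts …
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      capabilities:
        drop:
          - ALL
      seccompProfile:
        type: RuntimeDefault
# … unchanged: volumes …
```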