From 85e89efacf1c0ba426bcf9909e2baac0e0f7bb16 Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Tue, 8 Mar 2022 17:43:17 +0000
Subject: [PATCH] Lacework IaC Security fix

---
 kubernetes/statefulset/pvcpod.yaml | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/kubernetes/statefulset/pvcpod.yaml b/kubernetes/statefulset/pvcpod.yaml
index 326c003..5ba14c6 100644
--- a/kubernetes/statefulset/pvcpod.yaml
+++ b/kubernetes/statefulset/pvcpod.yaml
@@ -1,15 +1,20 @@
 apiVersion: v1
 kind: Pod
 metadata:
- name: pvpod
+ name: pvpod
 spec:
- containers:
- - name: test-container
- image: k8s.gcr.io/test-webserver
- volumeMounts:
- - name: test-volume
- mountPath: /test-vmdk
- volumes:
- - name: test-volume
- persistentVolumeClaim:
- claimName: pvc0001
+ containers:
+ - name: test-container
+ image: k8s.gcr.io/test-webserver
+ volumeMounts:
+ - name: test-volume
+ mountPath: /test-vmdk
+ securityContext:
+ capabilities:
+ drop:
+ - NET_RAW
+ - ALL
+ volumes:
+ - name: test-volume
+ persistentVolumeClaim:
+ claimName: pvc0001
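Review bot: The new securityContext on test-container drops capabilities but leaves the other container hardening fields unset, so the container can still run as root and regain privileges through setuid binaries; adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` beside `capabilities` would close that gap (and `readOnlyRootFilesystem: true` is worth considering if the webserver does not need to write to its own filesystem). Listing `NET_RAW` under `drop` together with `ALL` is redundant, since `ALL` already covers it; keeping only `- ALL` reads cleaner and avoids suggesting the two lines do different things. The image `k8s.gcr.io/test-webserver` carries no tag or digest, so the pod resolves to whatever the registry currently serves as latest; pinning a tag or digest would make the manifest reproducible and auditable. The commit message says only "Lacework IaC Security fix"; a one-line note naming the finding the capability drop resolves would help later readers understand why the whole spec was re-indented.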