From b951f2bb7db48354f8d848d788b79695b0ee79a7 Mon Sep 17 00:00:00 2001
From: Fahad Arshad
Date: Fri, 13 Sep 2019 08:53:24 -0400
Subject: [PATCH] fix(permissions): Restrict the access to /dev on underlying host to read only (with rbac)

Signed-off-by: Fahad Arshad
---
 .../k8s-with-rbac/falco-daemonset-configmap.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
index 3be4d07e..e54531a6 100644
--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
@@ -33,6 +33,7 @@ spec:
 name: containerd-socket
 - mountPath: /host/dev
 name: dev-fs
+ readOnly: true
 - mountPath: /host/proc
 name: proc-fs
 readOnly: true
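Review bot: The added `readOnly: true` on the `/host/dev` mount does less than the subject line suggests: on Linux a read-only mount blocks creating, removing or renaming entries under the path, but as far as I know it does not refuse opening an existing device node for writing. What the container can do to host devices is decided by its securityContext (privileged mode, capabilities, device cgroup), which lies outside this hunk and should be checked alongside this change. I would record that next to the new line, e.g. `# readOnly stops changes to the /host/dev directory itself; device access is governed by securityContext`. The subject says "(with rbac)", so the non-RBAC manifest may need the same line if it is not changed elsewhere.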