From 5d6496ec2db29dc9a682a36cdfeb9e8fbe93933f Mon Sep 17 00:00:00 2001
From: mrxhunt
Date: Thu, 12 Mar 2026 08:32:13 +0000
Subject: [PATCH] day 2 attack fix
---
 phoenix/deployment.yaml | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/phoenix/deployment.yaml b/phoenix/deployment.yaml
index 973ede0..af19200 100644
--- a/phoenix/deployment.yaml
+++ b/phoenix/deployment.yaml
@@ -16,35 +16,33 @@ spec:
 app: phoenix-app
 spec:
 serviceAccountName: phoenix-sa
- hostPID: true
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
 imagePullSecrets:
 - name: harbor-secret
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: phoenix-app
 image: harbor.mxhunt.in/k8s-lab/phoenix:c124f4748fc9bd33cc96f63198dfa5c7db683f22
 ports:
 - containerPort: 8080
- hostPort: 8080
 env:
 - name: DEBUG_PATH
 valueFrom:
 configMapKeyRef:
 name: phoenix-config
 key: DEBUG_PATH
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
 livenessProbe:
 httpGet:
 path: /health
 port: 8080
 initialDelaySeconds: 5
- periodSeconds: 10
- securityContext:
- privileged: true
- volumeMounts:
- - name: host-root
- mountPath: /host
- volumes:
- - name: host-root
- hostPath:
- path: /
+ periodSeconds: 10
\ No newline at end of file
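Review bot: The new container `securityContext` covers privilege and capabilities but leaves the root filesystem writable; adding `readOnlyRootFilesystem: true` beside `allowPrivilegeEscalation: false` would close that gap, provided the app writes only to mounted volumes. The pod still runs as `phoenix-sa` with the default token mount, so if the application never calls the Kubernetes API, `automountServiceAccountToken: false` at the pod `spec` level removes a credential it does not need. Because the removed `privileged: true`, `hostPID: true` and `hostPath: /` mount gave the container access to the node, this manifest change does not undo earlier exposure. If the old configuration was abused, as the subject line suggests, `harbor-secret` and the service-account token should be rotated and the node checked. The hardened spec appears to satisfy the Pod Security Standards restricted profile, so labelling the namespace with `pod-security.kubernetes.io/enforce: restricted` (the namespace is not shown in this patch) would keep these fields from being reintroduced.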