From df2958b81879667939f5d9426ed5f8871d04376e Mon Sep 17 00:00:00 2001
From: Shaza Aldawamneh
Date: Wed, 28 May 2025 15:04:08 +0200
Subject: [PATCH 1/5] Add readonlyRootFilesystem
Signed-off-by: Shaza Aldawamneh
---
 manifests/09_operator.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/manifests/09_operator.yaml b/manifests/09_operator.yaml
index 26d4415a4..279133df5 100644
--- a/manifests/09_operator.yaml
+++ b/manifests/09_operator.yaml
@@ -45,6 +45,7 @@ spec:
 - name: marketplace-operator
 securityContext:
 allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 capabilities:
 drop: ["ALL"]
 image: quay.io/openshift/origin-operator-marketplace:latest
From 30fc8b8ff7e3d99868290ec86a825e09d5f058f6 Mon Sep 17 00:00:00 2001
From: Shaza Aldawamneh
Date: Mon, 30 Jun 2025 16:46:23 +0100
Subject: [PATCH 2/5] Add readonlyRootFilesystem
Signed-off-by: Shaza Aldawamneh
---
 manifests/09_operator.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/09_operator.yaml b/manifests/09_operator.yaml
index 279133df5..0d595e97a 100644
--- a/manifests/09_operator.yaml
+++ b/manifests/09_operator.yaml
@@ -44,8 +44,8 @@ spec:
 containers:
 - name: marketplace-operator
 securityContext:
- allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
 image: quay.io/openshift/origin-operator-marketplace:latest
From 1349a55fd331bfb91305a86d5584934afa9ee040 Mon Sep 17 00:00:00 2001
From: Shaza Aldawamneh
Date: Tue, 1 Jul 2025 13:52:30 +0100
Subject: [PATCH 3/5] Add readonlyRootFilesystem
Signed-off-by: Shaza Aldawamneh
---
 manifests/09_operator.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/09_operator.yaml b/manifests/09_operator.yaml
index 0d595e97a..d002677a1 100644
--- a/manifests/09_operator.yaml
+++ b/manifests/09_operator.yaml
@@ -44,7 +44,6 @@ spec:
 containers:
 - name: marketplace-operator
 securityContext:
- readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
@@ -76,6 +75,7 @@ spec:
 requests:
 cpu: 1m
 memory: 5Mi
+ readOnlyRootFilesystem: true
 terminationMessagePolicy: FallbackToLogsOnError
 env:
 - name: WATCH_NAMESPACE
From 20b8fbba999522f9d5fec76537558cad88d5ae83 Mon Sep 17 00:00:00 2001
From: Shaza Aldawamneh
Date: Tue, 1 Jul 2025 14:40:52 +0100
Subject: [PATCH 4/5] Add readonlyRootFilesystem
Signed-off-by: Shaza Aldawamneh
---
 manifests/09_operator.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/09_operator.yaml b/manifests/09_operator.yaml
index d002677a1..0d595e97a 100644
--- a/manifests/09_operator.yaml
+++ b/manifests/09_operator.yaml
@@ -44,6 +44,7 @@ spec:
 containers:
 - name: marketplace-operator
 securityContext:
+ readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
@@ -75,7 +76,6 @@ spec:
 requests:
 cpu: 1m
 memory: 5Mi
- readOnlyRootFilesystem: true
 terminationMessagePolicy: FallbackToLogsOnError
 env:
 - name: WATCH_NAMESPACE
From 0a248ed36a91f6be449bdb56d29dae43e06ff40b Mon Sep 17 00:00:00 2001
From: Shaza Aldawamneh
Date: Wed, 2 Jul 2025 10:35:36 +0100
Subject: [PATCH 5/5] addressing test fix
Signed-off-by: Shaza Aldawamneh
---
 manifests/09_operator.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/manifests/09_operator.yaml b/manifests/09_operator.yaml
index 0d595e97a..c22518b95 100644
--- a/manifests/09_operator.yaml
+++ b/manifests/09_operator.yaml
@@ -94,11 +94,15 @@ spec:
 - name: GOMEMLIMIT
 value: 5MiB
 volumeMounts:
+ - mountPath: /tmp
+ name: tmp
 - name: marketplace-trusted-ca
 mountPath: /etc/pki/ca-trust/extracted/pem/
 - name: marketplace-operator-metrics
 mountPath: /var/run/secrets/serving-cert
 volumes:
+ - emptyDir: {}
+ name: tmp
 - name: marketplace-trusted-ca
 configMap:
 optional: true
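Review bot: In PATCH 3/5 the second hunk (`@@ -76,6 +75,7 @@`) places `readOnlyRootFilesystem: true` after `memory: 5Mi`, which is outside `securityContext`, the only place a container accepts that field. Indentation is lost in this view, so it cannot be told whether the line lands under `requests`, `resources` or the container itself, but none of those positions is valid for it. At that revision the root filesystem would therefore not be read-only, or the manifest would fail validation, and PATCH 4/5 moves the line straight back. Squashing patches 2–4 into patch 1 would leave every commit in the series applying the hardening correctly and keep bisecting safe.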
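Review bot: In PATCH 5/5 the new `tmp` volume is declared as `emptyDir: {}` with no `sizeLimit`, so the one writable path left after `readOnlyRootFilesystem: true` is bounded only by the node's ephemeral storage. A bound such as `emptyDir: {sizeLimit: <SIZE>}` (placeholder; size it from what the operator actually writes to `/tmp`) keeps a runaway or abused writer from filling the node. A one-line comment above the mount, for example `# writable scratch space; the root filesystem is read-only`, would record why the volume exists. The two added entries also put `mountPath`/`emptyDir` before `name`, while the neighbouring entries lead with `name`; matching that order keeps the lists uniform. The `volumes` list continues past the end of the hunk.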