diff --git a/php/containers-schema.json b/php/containers-schema.json
index a5811ed8..5de79492 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/]$"
+							"pattern": "^/[a-z/]+$"
 						}
 					},
 					"volumes": {
diff --git a/php/containers.json b/php/containers.json
index fc46b73d..66cc2a7f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,7 +410,11 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",