From 7a85532755dce38c319519d446e7ea544ed021f5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:07:54 +0200
Subject: [PATCH 1/2] Make borg read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index fc46b73d..66cc2a7f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,7 +410,11 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",

From 571b2feded538351ae72e0fa29f5360898b81521 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:30:36 +0200
Subject: [PATCH 2/2] fix pattern

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/containers-schema.json b/php/containers-schema.json
index a5811ed8..5de79492 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 						"type": "array",
 						"items": {
 							"type": "string",
-							"pattern": "^/[a-z/]$"
+							"pattern": "^/[a-z/]+$"
 						}
 					},
 					"volumes": {