diff --git a/php/containers-schema.json b/php/containers-schema.json
index 30c8f0a8..1c7527e6 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -134,6 +134,9 @@
 "pattern": "^nextcloud-aio$"
 }
 },
+ "read_only": {
+ "type": "boolean"
+ },
 "volumes": {
 "type": "array",
 "items": {
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index a89374c6..6fa6585b 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -30,6 +30,7 @@ class Container {
 /** @var string[] */
 private array $backupVolumes;
 private array $nextcloudExecCommands;
+ private bool $readOnlyRootFs;
 private DockerActionManager $dockerActionManager;
 public function __construct(
@@ -50,6 +51,7 @@ class Container {
 bool $apparmorUnconfined,
 array $backupVolumes,
 array $nextcloudExecCommands,
+ bool $readOnlyRootFs,
 DockerActionManager $dockerActionManager
 ) {
 $this->identifier = $identifier;
@@ -69,6 +71,7 @@ class Container {
 $this->apparmorUnconfined = $apparmorUnconfined;
 $this->backupVolumes = $backupVolumes;
 $this->nextcloudExecCommands = $nextcloudExecCommands;
+ $this->readOnlyRootFs = $readOnlyRootFs;
 $this->dockerActionManager = $dockerActionManager;
 }
@@ -88,6 +91,10 @@ class Container {
 return $this->restartPolicy;
 }
+ public function GetReadOnlySetting() : bool {
+ return $this->readOnlyRootFs;
+ }
+
 public function GetShmSize() : int {
 return $this->shmSize;
 }
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 3185b63c..e23262ce 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -262,6 +262,11 @@ class ContainerDefinitionFetcher
 $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
 }
+ $readOnlyRootFs = false;
+ if (isset($entry['read_only'])) {
+ $readOnlyRootFs = $entry['read_only'];
+ }
+
 $containers[] = new Container(
 $entry['container_name'],
 $displayName,
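Review bot: In the ContainerDefinitionFetcher.php hunk at `@@ -262,6 +262,11 @@`, `$entry['read_only']` is passed to the `bool $readOnlyRootFs` constructor parameter without a type check, so its correctness depends on the definition having been validated against containers-schema.json earlier, which this hunk does not show. If the file does not declare strict types, a non-empty string such as `"false"` would coerce to `true`; if it does, a non-boolean value raises a TypeError while the container list is being built. Accepting only a literal boolean makes the intent explicit: `$readOnlyRootFs = ($entry['read_only'] ?? false) === true;`. The enclosing loop starts and ends outside the hunk.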
@@ -280,6 +285,7 @@ class ContainerDefinitionFetcher
 $apparmorUnconfined,
 $backupVolumes,
 $nextcloudExecCommands,
+ $readOnlyRootFs,
 $this->container->get(DockerActionManager::class)
 );
 }
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 5d2f38dd..8663aeea 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -383,6 +383,8 @@ class DockerActionManager
 }
 $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+
+ $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
 $exposedPorts = [];
 if ($container->GetInternalPort() !== 'host') {
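Review bot: In the DockerActionManager.php hunk at `@@ -383,6 +383,8 @@`, `ReadonlyRootfs` is set with no comment on what a read-only root filesystem requires from the container definition. Once the flag is true, every path the container writes at runtime has to be covered by a volume or a tmpfs mount, and nothing visible in this hunk adds tmpfs entries, so a definition that sets `read_only` without such mounts would presumably fail at start-up rather than at validation. A comment above the assignment would record that, for example `// Root filesystem is mounted read-only; writable paths must come from volumes or tmpfs.` The flag leaves mounted volumes writable, so it protects the image layers only. The enclosing method starts and ends outside the hunk.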