diff --git a/php/containers.json b/php/containers.json
index fc46b73d..66cc2a7f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,7 +410,11 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",