From 7a85532755dce38c319519d446e7ea544ed021f5 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 19 Jun 2023 13:07:54 +0200
Subject: [PATCH] Make borg read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 php/containers.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/php/containers.json b/php/containers.json
index fc46b73d..66cc2a7f 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -410,7 +410,11 @@
       "cap_add": [
         "SYS_ADMIN"
       ],
-      "apparmor_unconfined": true
+      "apparmor_unconfined": true,
+      "read_only": true,
+      "tmpfs": [
+        "/tmp"
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",