From 671edeb1d14b69862df026df77e3adae6a86637b Mon Sep 17 00:00:00 2001
From: Simon L
Date: Mon, 26 Jun 2023 16:55:28 +0200
Subject: [PATCH 1/2] make collabora container read-only
Signed-off-by: Simon L
---
 Containers/collabora/Dockerfile | 4 +++-
 php/containers.json | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 88cda12c..6fda2a06 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,7 +11,9 @@ RUN set -ex; \
 tzdata \
 netcat-openbsd \
 ; \
- rm -rf /var/lib/apt/lists/*
+ rm -rf /var/lib/apt/lists/*; \
+ mkdir -p /opt/cool/child-roots; \
+ chmod 777 -R /opt/cool/child-roots
 USER 100
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..ea598170 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -290,6 +290,10 @@
 ],
 "networks": [
 "nextcloud-aio"
+ ],
+ "read_only": true,
+ "tmpfs": [
+ "/opt/cool/child-roots"
 ]
 },
 {
From 182f24bb4c660e362d5738e8303e756ca45e3156 Mon Sep 17 00:00:00 2001
From: Simon L
Date: Mon, 26 Jun 2023 17:09:41 +0200
Subject: [PATCH 2/2] allow hyphens
Signed-off-by: Simon L
---
 php/containers-schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 84343317..df828f5e 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -141,7 +141,7 @@
 "type": "array",
 "items": {
 "type": "string",
- "pattern": "^/[a-z/_]+$"
+ "pattern": "^/[a-z/_-]+$"
 }
 },
 "volumes": {
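Review bot: `chmod 777 -R /opt/cool/child-roots` leaves the directory writable by every UID in the image, although the next instruction visible in the hunk is `USER 100`. Ownership scoped to that UID would be tighter, e.g. `chown 100 /opt/cool/child-roots; \` followed by `chmod 700 /opt/cool/child-roots`, assuming no other account has to write there. Because php/containers.json in this same patch mounts a tmpfs over this path, the image-layer mode is probably shadowed at runtime by the mount's own mode, so the effective permissions should be confirmed on a running container. The RUN instruction starts above the hunk.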
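Review bot: The `tmpfs` entry `"/opt/cool/child-roots"` is a bare path, so the size limit and mount flags of this RAM-backed mount are decided entirely by the code that turns `tmpfs` entries into Docker mount options, which is not part of this patch. It is worth confirming that that code sets a size bound and `nosuid,nodev`, since a writable tmpfs without a cap lets the container consume host memory. With `"read_only": true` every other path the service writes at runtime will now fail, so a start-up and document-open test on the built image would confirm that `/opt/cool/child-roots` is the only writable location it needs. The enclosing container object starts above the hunk.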
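Review bot: The widened class in `"pattern": "^/[a-z/_-]+$"` still accepts empty segments and trailing slashes (`//`, `/opt/`), because `/` sits inside the repeated class. A per-segment form, `"pattern": "^(/[a-z_-]+)+$"`, accepts `/opt/cool/child-roots` and rejects those shapes. The class continues to exclude `.`, which keeps `..` segments out of what is presumably the tmpfs path list; that property is worth preserving if the pattern is widened again. The name of the enclosing property is above the hunk.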