From 2e87b41672c2cb3d3a71baaedf0e12d1e315d1a6 Mon Sep 17 00:00:00 2001
From: Simon L
Date: Mon, 19 Jun 2023 14:44:06 +0200
Subject: [PATCH] make clamav read-only
Signed-off-by: Simon L
---
 Containers/clamav/Dockerfile | 2 +-
 php/containers.json | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile
index e3daab5e..c00aee2a 100644
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -9,7 +9,7 @@ RUN set -ex; \
 rm /tmp/clamav.conf; \
 mkdir -p /var/run/clamav /run/lock; \
 chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
- chmod 770 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock
+ chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
 VOLUME /var/lib/clamav
diff --git a/php/containers.json b/php/containers.json
index 997cd57c..281d7982 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -476,6 +476,12 @@
 ],
 "networks": [
 "nextcloud-aio"
+ ],
+ "read_only": true,
+ "tmpfs": [
+ "/var/lock",
+ "/var/log/clamav",
+ "/tmp"
 ]
 },
 {
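Review bot: `chmod 777 -R` on the new side makes the clamav runtime, lock and log directories world-writable, and applied to `/tmp` it also clears the sticky bit, so any account in the container can delete or replace files it does not own there, including whatever clamd places under `/run/clamav`. If the aim is only to keep these paths writable once the root filesystem is read-only, a narrower form keeps the old mode and handles `/tmp` on its own: `chmod 770 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \` followed by `chmod 1777 /tmp`. The paths that are mounted as tmpfs at runtime likely take their mode from the mount rather than from this image layer, so the wider mode may have no effect there; that is worth confirming before widening permissions. The RUN instruction begins above the hunk.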
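Review bot: The new `tmpfs` list covers `/var/lock`, `/var/log/clamav` and `/tmp`, but the Dockerfile in this same patch also prepares `/var/run/clamav`, `/run/clamav` and `/run/lock` as runtime-writable paths, and none of them is listed. With `"read_only": true` those directories stay unwritable unless a volume declared outside this hunk covers them, which would probably stop clamd from creating its socket or pid file; if nothing covers them, add `"/run/clamav"` and `"/run/lock"` entries to the list. The entries also carry no size limit, and `/tmp` is presumably where clamd unpacks content while scanning, so an oversized or highly compressed upload could consume host memory; a size cap on that mount would bound it, if the container schema accepts mount options. The container object begins above the hunk.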