From 671edeb1d14b69862df026df77e3adae6a86637b Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 16:55:28 +0200
Subject: [PATCH] make collabora container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/collabora/Dockerfile | 4 +++-
 php/containers.json             | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index 88cda12c..6fda2a06 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -11,7 +11,9 @@ RUN set -ex; \
         tzdata \
         netcat-openbsd \
     ; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*; \
+    mkdir -p /opt/cool/child-roots; \
+    chmod 777 -R /opt/cool/child-roots
 
 USER 100
 
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..ea598170 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -290,6 +290,10 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/opt/cool/child-roots"
       ]
     },
     {