From cf96673911d17d469dc8d3b74dca898693022b35 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 27 Apr 2026 08:30:44 +0000
Subject: [PATCH] feat: add read_only rootfs and rootless user to remaining
 containers

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/31064944-7096-4e8e-9e8d-e9b9016428fb

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
---
 php/containers.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/php/containers.json b/php/containers.json
index dcf3bed7..aa772f8e 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -366,6 +366,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Nextcloud Office",
       "image": "ghcr.io/nextcloud-releases/aio-collabora",
+      "user": "1001",
       "init": true,
       "healthcheck": {
         "start_period": "60s",
@@ -396,6 +397,7 @@
         "collabora"
       ],
       "shm_size": 268435456,
+      "read_only": true,
       "tmpfs": [
         "/tmp"
       ],
@@ -630,6 +632,7 @@
       "hide_from_list": true,
       "image_tag": "%AIO_CHANNEL%",
       "image": "ghcr.io/nextcloud-releases/aio-domaincheck",
+      "user": "100",
       "init": true,
       "ports": [
         {
@@ -791,6 +794,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709",
       "display_name": "Fulltextsearch",
       "image": "ghcr.io/nextcloud-releases/aio-fulltextsearch",
+      "user": "1000",
       "init": false,
       "healthcheck": {
         "start_period": "60s",
@@ -833,6 +837,11 @@
       "secrets": [
         "FULLTEXTSEARCH_PASSWORD"
       ],
+      "read_only": true,
+      "tmpfs": [
+        "/tmp",
+        "/usr/share/elasticsearch/logs"
+      ],
       "cap_drop": [
         "NET_RAW"
       ]