Set readOnlyRootFSEnabled Parameter to True

Be aware that configuring this step is entirely optional and should be undertaken exclusively if you seek to enhance the security of your containers.

To change the readOnlyRootfSEnabled setting from false to true, perform the following:

  1. Set readOnlyRootFSEnabled: true in accelo.yml file.
  2. Run the following command:
Bash
Copy
  1. Restart accelo by running the following command:
Bash
Copy

To ensure that all the containers are in ReadOnlyRootFileSystem, run the following command:

Bash
Copy

In case any service requires additional paths to be mounted as tmpfs, you must add it to the <service>.yml file.

For example: ad-proxy.yml

Bash
Copy
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard