quadlet: Change default of ReadOnly to no

This matches the default podman run behaviour.

Signed-off-by: Alexander Larsson <alexl@redhat.com>

docs/source/markdown/podman-systemd.unit.5.md

@@ -138,7 +138,7 @@ For example:
 AddCapability=CAP_DAC_OVERRIDE CAP_IPC_OWNER
 ```
 
-#### `ReadOnly=` (defaults to `yes`)
+#### `ReadOnly=` (defaults to `no`)
 
 If enabled, makes image read-only, with /var/tmp, /tmp and /run a tmpfs (unless disabled by `VolatileTmp=no`).
 

pkg/systemd/quadlet/quadlet.go

@@ -329,7 +329,7 @@ func ConvertContainer(container *parser.UnitFile, isUser bool) (*parser.UnitFile
 		podman.addf("--cap-add=%s", strings.ToLower(caps))
 	}
 
-	readOnly := container.LookupBoolean(ContainerGroup, KeyReadOnly, true)
+	readOnly := container.LookupBoolean(ContainerGroup, KeyReadOnly, false)
 	if readOnly {
 		podman.add("--read-only")
 	}

test/e2e/quadlet/basic.container

@@ -10,8 +10,6 @@
 ## assert-podman-args "--cgroups=split"
 ## assert-podman-args "--sdnotify=conmon"
 ## assert-podman-args "--cap-drop=all"
-## assert-podman-args "--read-only"
-## !assert-podman-args "--read-only-tmpfs=false"
 ## assert-key-is "Unit" "RequiresMountsFor" "%t/containers"
 ## assert-key-is "Service" "KillMode" "mixed"
 ## assert-key-is "Service" "Delegate" "yes"

test/e2e/quadlet/readonly-notmpfs.container

@@ -3,4 +3,5 @@
 
 [Container]
 Image=localhost/imagename
+ReadOnly=yes
 VolatileTmp=no