What is the purpose of setting a container's filesystem to read-only in a Pod spec?
Correct. If the filesystem is read-only, an attacker cannot write new files or modify existing ones, limiting the impact of a breach.
Why this answer
Setting readOnlyRootFilesystem to true makes the container's filesystem immutable, preventing attackers from writing malicious files or altering binaries. It is a security best practice.