Question: 1/50
A developer deploys a Pod that must write temporary files. Security policy requires avoiding writable container layers and limiting where writes can occur. Which configuration best meets this requirement?
Set the root filesystem to read-only and mount an emptyDir volume at /tmp
Run the container as privileged so it can write to any path it needs
Mount the host root filesystem read-write into the container at /
Add SYS_ADMIN capability so the container can remount the filesystem read-write