run this to get a container that is only able to read the host filesystem for security monitoring software
#!/bin/bash
# run this to get a container that is only able to read the host filesystem for security monitoring software
# by: Cody Kochmann
sudo rkt run --interactive --volume root,kind=host,source=/,readOnly=true --mount volume=root,target=/media/root --dns=8.8.8.8 quay.io/coreos/alpine-sh