Running ontrusted workloads on Nomad

I want to run a few untrusted workloads on Nomad. There are a few things that I don’t know how to accomplish them.

  1. First, I want to disable the Runtime Environment feature. I don’t want Nomad to pass these env variables to tasks.

  2. I want to mount a read-only root filesystem on each task and disable task directories.

Is this possible using the Docker task driver?

I couldn’t find any related option to disable them altogether.