diff --git a/gremlin/Chart.yaml b/gremlin/Chart.yaml
index 9fc398b..93312e8 100644
--- a/gremlin/Chart.yaml
+++ b/gremlin/Chart.yaml
@@ -1,5 +1,5 @@
 name: gremlin
-version: 0.25.1
+version: 0.25.2
 description: The Gremlin Inc client application
 apiVersion: v1
 home: https://www.gremlin.com
diff --git a/gremlin/templates/daemonset.yaml b/gremlin/templates/daemonset.yaml
index a928569..22b31e8 100644
--- a/gremlin/templates/daemonset.yaml
+++ b/gremlin/templates/daemonset.yaml
@@ -92,6 +92,7 @@ spec:
 {{- if .Values.gremlin.podSecurity.seLinuxOptions }}
 seLinuxOptions: {{ toYaml .Values.gremlin.podSecurity.seLinuxOptions | nindent 12 }}
 {{- end }}
+ readOnlyRootFilesystem: {{ .Values.gremlin.podSecurity.readOnlyRootFilesystem }}
 env:
 - name: GREMLIN_TEAM_ID
 {{- /* If we aren't managing this secret and a teamID was supplied, assume teamID is not in the external secret */}}
diff --git a/gremlin/tests/daemonset_test.yaml b/gremlin/tests/daemonset_test.yaml
new file mode 100644
index 0000000..c025d50
--- /dev/null
+++ b/gremlin/tests/daemonset_test.yaml
@@ -0,0 +1,21 @@
+suite: Test other daemonset options
+templates:
+ - daemonset.yaml
+release:
+ name: my-release
+ namespace: my-namespace
+ revision: 1
+ upgrade: true
+tests:
+ - it: should set readOnlyRootFilesystem to false when blank
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: false
+ - it: should set readOnlyRootFilesystem when true
+ set:
+ gremlin.podSecurity.readOnlyRootFilesystem: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: true
diff --git a/gremlin/values.yaml b/gremlin/values.yaml
index 449c9ff..7a496ae 100644
--- a/gremlin/values.yaml
+++ b/gremlin/values.yaml
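Review bot: The added `readOnlyRootFilesystem` line in daemonset.yaml interpolates the value with no default or type guard, so an override that sets the key to null would render an empty scalar instead of an explicit boolean in the container securityContext. Consider `readOnlyRootFilesystem: {{ .Values.gremlin.podSecurity.readOnlyRootFilesystem | default false }}` so the rendered manifest always states the setting. The chart default stays `false`, so this hardening is opt-in. It may also be worth confirming that any paths the agent writes at runtime are backed by mounted volumes when the flag is `true`, which the hunk does not show. The enclosing securityContext block starts outside the hunk.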
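Review bot: The first case in daemonset_test.yaml is named "when blank" but sets no value, so it only checks the chart default from values.yaml and never exercises a value that is actually blank. Either rename it to something like `should default readOnlyRootFilesystem to false`, or add a case that sets `gremlin.podSecurity.readOnlyRootFilesystem: null` and asserts what the template renders. Both asserts address `containers[0]`, which presumably is the Gremlin container. A short comment saying so would keep the test from silently checking the wrong container if the order changes.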
@@ -153,6 +153,7 @@ gremlin: # gremlin.podSecurity.readOnlyRootFilesystem - # Forces the Gremlin Daemonset containers to run with a read-only root filesystem + # NOTE: When true, Disk and IO experiments against the host will fail unless they target an external volume readOnlyRootFilesystem: false # gremlin.podSecurity.supplementalGroups -