summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-06-05 21:37:40 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-05 21:55:06 +0200
commitc8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (patch)
tree530179a62882bae05a01d1742e94bbd154a41e03
parent6d313367d9ef780560e117e886502a99fa220eac (diff)
namespace: also include /root in ProtectHome=
/root can't really be autofs, and is also a home, directory, so cover it with ProtectHome=.
-rw-r--r--src/core/namespace.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index fcbfd87d47..43b9045800 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -362,7 +362,7 @@ int setup_namespace(
strv_length(read_only_dirs) +
strv_length(inaccessible_dirs) +
private_dev +
- (protect_home != PROTECT_HOME_NO ? 2 : 0) +
+ (protect_home != PROTECT_HOME_NO ? 3 : 0) +
(protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
(protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
@@ -399,7 +399,7 @@ int setup_namespace(
}
if (protect_home != PROTECT_HOME_NO) {
- r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+ r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
if (r < 0)
return r;
}