author | Lennart Poettering <lennart@poettering.net> | 2014-06-05 21:37:40 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-05 21:55:06 +0200 |
commit | c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f (patch) | |
tree | 530179a62882bae05a01d1742e94bbd154a41e03 | |
parent | 6d313367d9ef780560e117e886502a99fa220eac (diff) |
namespace: also include /root in ProtectHome=
/root can't really be autofs, and is also a home directory, so cover it
with ProtectHome=.
-rw-r--r-- | src/core/namespace.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index fcbfd87d47..43b9045800 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -362,7 +362,7 @@ int setup_namespace(
 strv_length(read_only_dirs) +
 strv_length(inaccessible_dirs) +
 private_dev +
- (protect_home != PROTECT_HOME_NO ? 2 : 0) +
+ (protect_home != PROTECT_HOME_NO ? 3 : 0) +
 (protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
 (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
 
@@ -399,7 +399,7 @@ int setup_namespace(
 }
 
 if (protect_home != PROTECT_HOME_NO) {
- r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+ r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
 if (r < 0)
 return r;
 }
|
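Review bot: The literal `3` in the `n` sum has to be kept equal by hand to the number of paths in the `STRV_MAKE(...)` list passed to `append_mounts()` in the second hunk (@@ -399), and nothing in the code ties the two together. `n` looks like the entry count for the mount table that `append_mounts()` fills through `m` (the allocation is outside the hunk, so this is inferred); if so, a path added to the list later without bumping the count would write past the end of that table in the code that sets up the sandbox. Define the ProtectHome= path list once and derive the count from it, or at minimum add `/* keep in sync with the ProtectHome= list passed to append_mounts() below */` next to the count. setup_namespace() starts and ends outside both hunks.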
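Review bot: The set of directories ProtectHome= covers changes at the `append_mounts()` call, but the diffstat lists only src/core/namespace.c, so whatever user-facing description of the option exists still names the old set. Administrators rely on that description to know what a sandboxed unit can still reach, and a unit running as root that keeps state under /root gets it read-only or inaccessible once this applies, so the change deserves a documentation update and a release note. A comment above the call would also help, e.g. `/* /root is a home directory too and is not expected to be an autofs mount point */`. The enclosing `if` block is complete in the hunk; setup_namespace() continues outside it.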