!strv_isempty(context->inaccessible_dirs) ||
context->mount_flags != 0 ||
(context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
- context->private_devices) {
+ context->private_devices ||
+ context->read_only_system ||
+ context->protected_home != PROTECTED_HOME_NO) {
char *tmp = NULL, *var = NULL;
tmp,
var,
context->private_devices,
+ context->protected_home,
+ context->read_only_system,
context->mount_flags);
-
if (err < 0) {
r = EXIT_NAMESPACE;
goto fail_child;
"%sPrivateTmp: %s\n"
"%sPrivateNetwork: %s\n"
"%sPrivateDevices: %s\n"
+ "%sProtectedHome: %s\n"
+ "%sReadOnlySystem: %s\n"
"%sIgnoreSIGPIPE: %s\n",
prefix, c->umask,
prefix, c->working_directory ? c->working_directory : "/",
prefix, yes_no(c->private_tmp),
prefix, yes_no(c->private_network),
prefix, yes_no(c->private_devices),
+ prefix, protected_home_to_string(c->protected_home),
+ prefix, yes_no(c->read_only_system),
prefix, yes_no(c->ignore_sigpipe));
STRV_FOREACH(e, c->environment)